The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.

Source: Mundissima via Alamy Stock Photo

Organizations might want to think twice before using the Chinese generative AI (GenAI) DeepSeek in business applications, after it failed a barrage of 6,400 security tests that demonstrate a widespread lack of guardrails in the model.

That's according to researchers at AppSOC, who conducted rigorous testing on a version of the DeepSeek-R1 large language model (LLM). Their results showed the model failed in multiple critical areas, including succumbing to jailbreaking, prompt injection, malware generation, supply chain, and toxicity. Failure rates ranged between 19.2% and 98%, they revealed in a recent report.

Two of the highest areas of failure were the ability for users to generate malware and viruses using the model, posing both a significant opportunity for threat actors and a significant threat to enterprise users. The testing convinced DeepSeek to create malware 98.8% of the time (the "failure rate," as the researchers dubbed it) and to generate virus code 86.7% of the time.

Such a lackluster performance against security metrics means that despite all the hype around the open source, much more affordable DeepSeek as the next big thing in GenAI, organizations should not consider the current version of the model for use in the enterprise, says Mali Gorantla, co-founder and chief scientist at AppSOC.

Related:CISA Places Election Security Staffers on Leave

"For most enterprise applications, failure rates about 2% are considered unacceptable," he explains to Dark Reading. "Our recommendation would be to block usage of this model for any business-related AI use."

**DeepSeek's High-Risk Security Testing Results**

Overall, DeepSeek earned an 8.3 out of 10 on the AppSOC testing scale for security risk, 10 being the riskiest, resulting in a rating of "high risk." AppSOC recommended that organizations specifically refrain from using the model for any applications involving personal information, sensitive data, or intellectual property (IP), according to the report.

AppSOC used model scanning and red teaming to assess risk in several critical categories, including: jailbreaking, or "do anything now," prompting that disregards system prompts/guardrails; prompt injection to ask a model to ignore guardrails, leak data, or subvert behavior; malware creation; supply chain issues, in which the model hallucinates and makes unsafe software package recommendations; and toxicity, in which AI-trained prompts result in the model generating toxic output.

The researchers also tested DeepSeek against categories of high risk, including: training data leaks; virus code generation; hallucinations that offer false information or results; and glitches, in which random "glitch" tokens resulted in the model showing unusual behavior.

Related:Data Leaks Happen Most Often in These States — Here's Why

According to Gorantla's assessment, DeepSeek demonstrated a passable score only in the training data leak category, showing a failure rate of 1.4%. In all other categories, the model showed failure rates of 19.2% or more, with median results in the range of a 46% failure rate.

"These are all serious security threats, even with much lower failure rates," Gorantla says. However, the high failure results in the malware and virus categories demonstrate significant risk for an enterprise. "Having an LLM actually generate malware or viruses provides a new avenue for malicious code, directly into enterprise systems," he says.

**DeepSeek Use: Enterprises Proceed With Caution**

AppSOC's results reflect some issues that have already emerged around DeepSeek since its release to much fanfare in January with claims of exceptional performance and efficiency even though it was developed for less than $6 million by a scrappy Chinese startup.

Soon after its release, researchers jailbroke DeepSeek, revealing the instructions that define how it operates. The model also has been controversial in other ways, with claims of IP theft from OpenAI, while attackers looking to benefit from its notoriety already have targeted DeepSeek in malicious campaigns.

Related:XE Group Shifts From Card Skimming to Supply Chain Attacks

If organizations choose to ignore AppSOC's overall advice not to use DeepSeek for business applications, they should take several steps to protect themselves, Gorantla says. These include using a discovery tool to find and audit any models used within an organization.

"Models are often casually downloaded and intended for testing only, but they can easily slip into production systems if there isn't visibility and governance over models," he says.

The next step is to scan all models to test for security weaknesses and vulnerabilities before they go into production, something that should be done on a recurring basis. Organizations also should implement tools that can check the security posture of AI systems on an ongoing basis, including looking for scenarios such as misconfigurations, improper access permissions, and unsanctioned models, Gorantla says.

Finally, these security checks and scans need to be performed during development (and continuously during runtime) to look for changes. Organizations should also monitor user prompts and responses, to avoid data leaks or other security issues, he adds.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

DeepSeek AI Fails Multiple Security Tests, Raising Red Flag for Businesses

Improvements in cyber hygiene and resiliency made it possible for victim organizations to skip paying ransom amounts in 2024.

The total volume of ransom payments decreased year-over-year by approximately 35%, due to law enforcement activities and more victims refusing to pay, according to blockchain analytics company Chainalysis.

In 2024, ransomware attackers collected approximately $813.55 million in payments, a significant drop from the $1.25 billion collected in 2023 and $1.07 billion collected in 2021, Chainalysis said in its 2025 Crypto Crime Report. Payments were slightly up by approximately 2% in the first half of the year, leading the company to estimate that 2024 would surpass 2023's totals. While the number of ransomware events increased in the second half of 2024, on-chain payments declined, suggesting that even though more victims were targeted, fewer actually paid the ransom. In some cases, those who paid managed to successfully negotiate the ransom amount to a much smaller amount.

Victims organizations have wrestled with the pay-or-not-pay dilemma for years. On one hand, paying may be the only answer is there is no other way to recover the data or if the downtime waiting to recover the data is too long. On the other hand, paying rewards criminal activity, funds future activities, and may encourage more attacks against the victim. Improved cyber hygiene and overall resiliency is helping organizations make the decision to not pay, according to Christian Geyer, founder and CEO of Actfore. Better incident response capabilities, digital forensics, and data mining services are helping victims identify the breached data faster.

"Organizations have increasingly implemented comprehensive data backup solutions, so the business can rapidly recover their systems through a wipe and restore process," Geyer said. 

Another reason is that law enforcement actions are making an impact on the ransomware ecosystem. Several ransomware groups that were prolific in 2023 and the first half of 2024 were not as active in the second half of the year. LockBit is one such case. The United Kingdom's National Crime Agency, the U.S. Federal Bureau of Investigation, and law enforcement entities in Canada, Japan, and Australia, collaborated in Operation Cronos to seize data and websites associated with LockBit in February 2024. That disruption seemed particularly effective, as payments to the criminals behind LockBit decreased by 79% in the second half of 2024. Similarly, ALPHV/BlackCat going dark in March 2024 after collecting $22 million from Change Healthcare left “a void” in the second half of 2024, Chainalysis said.

When a large group leaves the cybercrime ecosystem — either after a law enforcement disruption or voluntarily shutting down operations — there usually is a slight dip in activity and then another group ramps up activities to fill that vacuum. That doesn't seem to have happened in 2024, Lizzie Cookson, a senior director of incident response at Coveware, told Chainalysis. "We saw a rise in lone actors, but we did not see any group(s) swiftly absorb their market share…The current ransomware ecosystem is infused with a lot of newcomers who tend to focus efforts on the small- to mid-size markets, which in turn are associated with more modest ransom demands."

Ransomware Groups Made Less Money in 2024

The likely Vietnam-based threat actor has been using two zero-days in VeraCore's warehouse management software in some of its latest cyberattacks.

Source: HakanGider via Shutterstock

A cybercrime group long associated with credit card theft has expanded into targeted information stealing from supply chain organizations in the manufacturing and distribution sectors.

In some of these new attacks the threat actor, whom several vendors track as the XE Group and link to Vietnam, has exploited two zero-day vulnerabilities in VeraCore's warehouse management platform to install Web shells for executing a variety of malicious actions.

**Zero-Day Exploits in VeraCore**

In a joint report this week, researchers from Intezer and Solis described the activity they observed recently as a sign of the heightened threat the group presents to organizations.

"XE Group's evolution from credit card skimming operations to exploiting zero-day vulnerabilities underscores their adaptability and growing sophistication," the researchers wrote. "By targeting supply chains in the manufacturing and distribution sectors, XE Group not only maximizes the impact of their operations but also demonstrates an acute understanding of systemic vulnerabilities."

XE Group is a likely Vietnamese threat actor that multiple vendors, including Malwarebytes, Volexity, and Menlo security have tracked for years. The group first surfaced in 2013, and through at least late 2024 was known primarily for leveraging Web vulnerabilities to deploy malware for skimming credit card numbers and associated data from e-commerce sites.

In June 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) identified XE Group as one of several threat actors exploiting vulnerabilities in Progress Telerik software running on government IIS servers and executing remote commands on them. One of the vulnerabilities that CISA identified in its report (CVE-2017-9248) was the same one that Malwarebytes first observed XE Group exploiting back in 2020 in card skimmer attacks targeting ASP.Net sites. That campaign, as Intezer and Solis noted in their report, was notable for its focus on ASP.Net sites, which were rarely targeted at the time. In 2023, Menlo Security reported seeing XE Group deploying multiple strategies, including supply chain attacks to deploy card skimmers on websites, and also setting up fake sites for stealing personal information and selling it in underground forums.

What Solis and Intezer have observed now is a continued expansion of the threat actor's activities, exploitation techniques, and malware since then. The group's newer attack tactics include injecting malicious JavaScript into webpages, exploiting vulnerabilities in widely deployed products, and using custom ASPX Web shells to maintain access to compromised system.

**XE Group's Long-Term Cyberattack Objectives**

In several of the recent attacks, the threat actor has used the two VeraCore zero-days (CVE-2024-57968, an upload validation vulnerability with a CVSS severity score of 9.9; and CVE-2025-25181, a SQL injection flaw with a 5.8 severity score) to deploy multiple Web shells on compromised systems.

"In at least one instance, Solis and Intezer researchers discovered the threat actor had exploited one of the VeraCore vulnerabilities as far back as January 2020 and had maintained persistent access to the victim's compromised environment since then," according to the joint report. "In 2024, the group reactivated a webshell initially deployed \[in January 2020\], highlighting their ability to remain undetected and reengage targets. Their ability to maintain persistent access to systems … years after initial deployment, highlights the group’s commitment to long-term objectives."

The XE Group's recent shift in tactics and targeting are consistent with a broader focus among threat actors on the software supply chain. Though SolarWinds remains perhaps the best known example, there have been several other significant attacks on widely used software products and services. Examples include attacks on Progress Software's MOVEit file transfer tool, a breach at Okta that affected all of its customers, and a breach at Accellion that allowed attackers to deploy ransomware on some of the company's customers.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

XE Group Shifts From Card Skimming to Supply Chain Attacks

After claiming responsibility for the ransomware attack in 2024, the "Embargo" ransomware group posted 1.15 terabytes of stolen data to its public Tor site.

Source: Mint Images Limited via Alamy Stock Photo

NEWS BRIEF

In Bainbridge, Ga., the small Memorial Hospital and Manor is notifying 120,000 individuals that their personal information was stolen in a ransomware attack.

The ransomware attack was first disclosed in November, but at the time, it said that though its systems were down, and staff would have to revert to pen and paper to record patient information, its operations remained uninterrupted. 

Memorial retained cybersecurity experts and launched a forensic investigation to determine the scope of the breach and what was compromised. Though it still hasn't provided information on what kind of ransomware infected its systems, the Embargo ransomware group claimed responsibility for the attack, alleging that it stole 1.15 terabytes of data from the hospital's systems — information that is now available for public viewing on its Tor leak site.

In a filing with the Maine Attorney General's Office, Memorial wrote that notification letters were mailed out to affected Maine residents on Feb. 7, offering a year of complimentary identity protection services, credit monitoring, a $1 million identity fraud loss reimbursement policy, and identity theft recovery services through IDX. 

Some of the personal information Memorial notes in its letter that may have been impacted include names, Social Security numbers, dates of birth, health insurance information, medical treatment, and medical history. 

"Please note that Memorial has no current evidence to suggest misuse or attempted misuse of personal information involved," Memorial wrote, though now that this information is readily available on a public site, it may not be long before threat actors use it to their advantage.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

120K Victims Compromised in Memorial Hospital Ransomware Attack

PRESS RELEASE

WASHINGTON – Eric Council, 25, of Athens, Alabama, entered a guilty plea today to one count of conspiracy to commit aggravated identity theft in United States District Court for the District of Columbia. Council was arrested on October 17, 2024, in connection with his role in a conspiracy to hack into the X account of the U.S. Securities and Exchange Commission (SEC) and publish fraudulent posts in the name of the then-SEC Chairman. 

The plea was announced by U.S. Attorney Edward R. Martin, Jr., Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division, SEC Inspector General Deborah Jeffrey and FBI Special Agent in Charge Sean Ryan of the Washington Field Office, Criminal and Cyber Division.

Council’s plea was entered before U.S. District Court Judge Amy Berman Jackson in the District of Columbia. He faces a maximum sentence of five years in prison, a $250,000 fine, and up to three years of supervised release. His sentencing is scheduled for May 16, 2025.

According to court documents, from at least January 2024, Council conspired with others to carry out Subscriber Identity Model (SIM) attacks, commonly referred to as “SIM swaps,” in exchange for money. 

A SIM card is a chip that stores information identifying and authenticating a cell phone subscriber and connects a physical cell phone to a mobile carrier’s cellular and data network. A SIM swap attack is a form of sophisticated fraud where criminal actors fraudulently induce a mobile carrier to reassign a mobile phone number from a victim’s SIM card to a SIM card and telephone controlled by a criminal actor attempting to access valuable information associated with the victim’s telephone. Members of SIM swapping groups conduct SIM swaps for the purpose of defeating multifactor authentication and/or two-step verification security features for internet connected accounts, such as social media and virtual currency accounts. 

After convincing a mobile carrier to reassign a phone number to a new SIM card in the criminal actor’s control, members of the conspiracy generate password reset security authentication codes for online accounts and those codes are in turn sent to the telephone in the control of the criminal actor. Members of SIM swap groups share the security reset codes with one another to unlawfully access a victim’s internet connected accounts and complete the fraud. 

On or about January 9, 2024, Council, and others, executed a SIM swap of the mobile phone account associated with the @SECgov X account, the official account of the SEC. The purpose of this SIM swap was to gain unauthorized access to this government account in order to make fraudulent posts. 

Before January 9, a member of the conspiracy had identified the authorized user for the phone number linked to the official @SECgov X account. Council received instruction from a co-conspirator to perform the SIM swap on this phone line, along with information to make the needed fake ID, that is, an image of an ID card template with the authorized user’s name on it but Council’s face, and information purporting to be the user’s date of birth and social security number. 

Council used his portable ID card printer to create a physical ID which he used to impersonate the victim at an AT&T store in Huntsville, Alabama. Council provided false information to the AT&T store employee to explain why he needed a replacement SIM card. Council obtained the SIM card linked to the victim’s phone line and walked to a nearby Apple store where he purchased a new iPhone to use in the crime.  He inserted the SIM card to activate the phone, received the @SECGov X password reset codes on this new phone linked to the victim’s SIM card and used his personal cell phone to take a photo of the @SECgov X account reset code to share with his co-conspirators. After passing along the password reset codes, Council drove to Birmingham, Alabama and immediately returned the iPhone for cash.   

A member of the conspiracy used the reset code to gain access to the @SECGov X account and issue a fraudulent post in the name of the then-SEC Chairman, falsely announcing SEC approval of Bitcoin (BTC) Exchange Traded Funds (ETFs). The price of BTC increased by more than $1,000 following the post. Shortly after this unauthorized post, the SEC regained control over their X account and confirmed that the announcement was unauthorized and the result of a security breach, which caused the value of BTC decreased by more than $2,000.

Council also admitted to attempting to perform additional SIM swaps in June 2024 in Alabama. In June 2024, the FBI executed a search warrant at an Athens, Alabama, apartment where he resided. Agents recovered a fake identification card and a portable ID card printer. They also recovered a laptop computer.  

Pursuant to the search warrant, agents searched the laptop and discovered templates for additional fake identification cards stored on the laptop along with internet searches for

“SECGOV hack,” “telegram sim swap,” “how can I know for sure if I am being investigated by the FBI,” “What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them,” “what are some signs that the FBI is after you,” “Verizon store list,” “federal identity theft statute,” and “how long does it take to delete telegram account.” 

Council admitted to receiving approximately $50,000 from members of the conspiracy to perform SIM swap during the previous six months.   

This case is being investigated by the FBI Washington Field Office Criminal and Cyber Division, the SEC-Office of Inspector General, the U.S. Attorney’s Office for the District of Columbia, and the Computer Crime and Intellectual Property Section (CCIPS) and Fraud Section’s Market Integrity and Major Frauds Unit of the Justice Department’s Criminal Division. Significant assistance was provided by the FBI’s Birmingham Field Office.

The prosecution is being handled by Assistant United States Attorney Kevin Rosenberg, CCIPS Trial Attorney Ashley Pungello, and Fraud Section Trial Attorney Lauren Archer. Valuable assistance was provided by Assistant United States Attorney John Hundscheid from the Northern District of Alabama.

For more information on SIM swapping, go to: https://www.ic3.gov/PSA/2024/PSA240411

Guilty Plea in Hacking of the SEC's X Account That Caused Bitcoin Value Spike

The newspaper company expects the investigation to take some time, but said in an SEC filing that it has not yet identified any material impact.

Source: Radharc Images via Alamy Stock Photo

UPDATE

NEWS BRIEF

Lee Enterprises, one of the largest newspaper groups in the US, with newspapers in 72 markets, on Feb. 7 filed a report with the SEC detailing a cyberattack that impacted its operations after causing an outage.

Lee Enterprises is a public publishing company that also offers online services and special publications. Some of the newspapers include The Buffalo News, Omaha World-Herald, and Richmond Times-Dispatch.

The company is still investigating the data breach incident and determining the potential impact on its operations. It has not yet identified "any impact that is material," but that could change as the investigation continues.

"These types of investigations are complex and time-consuming, with many taking several weeks or longer to complete," said a Lee Enterprises spokesperson. "We have notified law enforcement of the situation."

It's unclear what kind of cyberattack hit the newspaper company, who the threat actors are, and if any data was stolen; however, some of the Lee Enterprises newsrooms reported the cyberattack forced the company to shut down networks, which led to disruptions in newspaper printing and delivery.

"Although it isn't officially announced, the symptoms of this attack have all of the signs of a significant ransomware event," said Erich Kron, security awareness advocate at KnowBe4, in an emailed statement to Dark Reading. "Ransomware groups love to target organizations that are time sensitive, and media outlets absolutely fit that description, especially ones that produce a physical product.

As of now, multiple publication websites contain notices reading: "We are currently undergoing maintenance on some services, which may temporarily affect access to subscription accounts and the E-edition. We apologize for any inconvenience and appreciate your patience as we work to resolve the issues."

This story was updated on Feb. 10 at 6:07pmET to reflect the correct SEC filing date of Feb. 7.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Newspaper Giant Lee Enterprises Reels From Cyberattack

Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager ad tool.

Source: Diana Vyshniakova via Alamy Stock Photo

Attackers are exploiting Google Tag Manager by planting malicious code within e-commerce sites built on the Magento platform. The code can steal payment card data, demonstrating a new type of Magecart attack that leverages Google's free, legitimate website marketing tool.

Researchers from Sucuri discovered an ongoing Magecart campaign in which attackers load code that appears to be a standard Google Tag Manager (GTM) and Google Analytics tracking script from a database onto e-commerce sites. These tracking scripts are typically used for website analytics and advertising purposes; however, the code used in the campaign has been tweaked to act as a card skimmer for the infected site, the researchers revealed in a recent blog post.

"Within the GTM tag, there was an encoded JavaScript payload that acted as a credit card skimmer," Sucuri security analyst Puja Srivastava wrote in the post. "This script was designed to collect sensitive data entered by users during the checkout process and send it to a remote server controlled by the attackers."

So far, Sucuri has uncovered at least six sites affected by the campaign, "indicating that this threat is actively affecting multiple sites," Srivastava wrote.

**Exploiting a Legitimate Google Tool for Card Skimming**

Related:Canadian Man Charged in $65M Cryptocurrency Hacking Schemes

The attack demonstrates a nontypical Magecart attack that leverages a legitimate free tool from Google that allows website owners to manage and deploy marketing tags on their website without needing to modify the site's code directly. GTM eliminates the need for developer intervention each time a marketer aims to track or modify an ad or marketing campaign.

Sucuri researchers were alerted to the Magecart activity by a customer who found that someone was stealing credit card payment data from its e-commerce site. An investigation led to the discovery of malware being loaded from a database table cms\_block.content file for the website. The malware abused a GTM tag, which was altered by embedding an encoded JavaScript payload that acted as a credit card skimmer.

Attackers obfuscated the script using the technique function \_0x5cdc, which maps index values to specific characters in the array. This makes it difficult for someone to immediately understand the purpose of the script, Srivastava wrote.

The script also uses a series of mathematical operations in a loop, further scrambling the code, and also uses Base64 encoding. "This is a trick often used by attackers to disguise the true purpose of the script," she wrote.

The researchers also discovered an undeployed backdoor in one of the website's files that "could have been exploited to further infect the site, providing attackers with persistent access," Srivastava added. Indeed, Magecart attackers last year demonstrated a new tactic of stashing backdoors on websites to deploy malware automatically.

Related:Behavioral Analytics in Cybersecurity: Who Benefits Most?

Sucuri also previously investigated malicious activity that abused GTM to hide other types of malicious activity, including malvertising as well as malicious pop-ups and redirects.

**Mitigation & Remediation of Magecart Attacks**

"Magecart" refers to a loose collective of cybercriminal groups involved in online payment card-skimming attacks. These attacks typically inject card skimmers into websites to steal payment card data that can later be monetized. Big-name organizations that have been targeted by these attacks include Ticketmaster, British Airways, and the Green Bay Packers NFL team.

Once they identified the source of infection on their customer's site, Sucuri researchers removed the malicious code from any other compromised areas of the site, as well as cleaned up the obfuscated script and the backdoor to prevent the malware from being reintroduced.

To ensure an organization's e-commerce site has not been affected by the campaign, administrators should log in to GTM, and then identify and delete any suspicious tags that are being used on the site, Sucuri recommended. They also should perform a full website scan to detect any other malware or backdoors, and remove any malicious scripts or backdoor files.

Related:Cybercrime Forces Local Law Enforcement to Shift Focus

E-commerce sites built on Magento and their extensions also should be updated with the latest security patches, while all site administrators should regularly monitor e-commerce site traffic as well as GTM activity for anything unusual.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Magecart Attackers Abuse Google Ad Tool to Steal Data

For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.

Source: Brain light via Alamy Stock Photo

COMMENTARY

In the battle against cyber threats, we're losing our most vital asset: our people. While the industry fixates on the latest tools and technologies, security analysts are burning out, crushed under the weight of an impossible mission. This isn't just a talent shortage, but an existential crisis threatening the future of cybersecurity defense. Until we prioritize supporting the humans at the heart of cyber operations, no tool or technology will be enough to keep us secure.

Security operations centers (SOCs), the heart of cybersecurity, have become pressure cookers of burnout and frustration. The numbers tell a dire story: More than half of SOC analysts have considered leaving the field, and with them goes the institutional knowledge and expertise that take years to develop. Each departure is a victory for malicious actors, who know that even the most sophisticated tools are only as effective as the humans behind them.

There's a tendency to frame this simply as a talent shortage. In one sense, it is. 53% of organizations report a critical lack of skilled cybersecurity workers. But this misses the direness of the current reality. We can't hire our way out of this disaster. It takes years to develop an analyst capable of detecting and responding to sophisticated threats. By the time junior analysts gain the expertise to handle advanced attacks, they're already burning out and searching for greener pastures. Cyber defenders need relief now.

The crisis extends beyond front-line defenders. Nearly a quarter of chief information security officers (CISOs) and IT security leaders are considering stepping down, with 93% citing unsustainable stress levels. They face mounting pressure to demonstrate return on investment (ROI) while navigating increasing legal and compliance risks, and even personal liability. It's no wonder the average tenure of a CISO is only 18 to 26 months — less than half of the general C-suite tenure.

Somehow, we've normalized this chaos. In any other critical operation, like the military, this level of systemic burnout would be considered an existential risk. Instead, we keep piling on more tools, more alerts, and more responsibilities, mistaking the symptoms for the disease.

Our industry has a blind spot. We've focused so much on software and hardware that we've forgotten about the "humanware" of security workflows. We've overlooked the frontline analysts, the threat hunters, and the managers whose judgment and intellectual horsepower are the real engine of modern security operations.

This matters so deeply to me on a personal level. In my Air Force career, I was a special operations helicopter pilot. Picture it: skimming treetops under night vision goggles, working with elite teams, pushing the boundaries of what seemed possible. Despite the intense pressure and risk, I never once thought about walking away. Why? Because I had cutting-edge equipment, unwavering support from my leadership, and a mission that made my heart race. I would have done it for free.

Today, cyber defenders are the pilots of the 21st century. It's the coolest job on the planet: battling sophisticated adversaries in real-time, protecting the critical infrastructure that powers our economy, and racing against the clock to stop attacks that could affect millions. They should be having the time of their lives. Instead, they're burning out.

**Technology Isn't the Solution — Reshaping Support Is**

The answer isn't just better technology — it's about fundamentally reshaping how we support our people. The industry talks constantly about analysts learning from AI, but we're missing something crucial: the AI must learn from our analysts as well. Their expertise, their pattern recognition, their hard-won instincts about what doesn't look quite right; this human judgment is irreplaceable. We need to give our humans AI partners that learn from them, support them, freeing them to focus on the high-level, intellectually stimulating work that drew them to cybersecurity in the first place.

Imagine SOCs where analysts focus on outsmarting adversaries instead of drowning in false positives. Where AI handles the repetitive tasks but learns from human insights, creating a virtuous cycle of improvement. Where the technology amplifies human expertise instead of trying to replace it. Where the job is as exhilarating as flying a combat mission, because you have tools that learn and evolve alongside you. (In a recent episode of CSO Perspectives, I go into depth of what that looks like.)

For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes.

It's time to revolutionize security operations. When we get this right, we won't just solve our retention crisis. We'll create a field that the best and brightest are eager to join, where analysts don't just survive, but thrive in the mission of keeping us all safe. The future of cybersecurity belongs not to those who build better tools, but to those who best empower defenders to wield them.

**About the Author**

Chief Product Officer, Andesite

William MacMillan, Chief Product Officer at Andesite, is an experienced executive leader, advisor and trusted voice on cyber, digital transformation and national security. Prior to Andesite, he served as the Senior Vice President for Information Security at Salesforce. Before retiring from the federal government, William served as the CISO at the Central Intelligence Agency, where he led a sweeping transformation of the CIA’s cybersecurity strategy and organization. Before this, he held multiple senior leadership positions at the CIA, dealing with various aspects of intelligence, counterintelligence and cyber operations. Throughout his career, William focused significant attention on insider threat, supply chain risk and incident response issues, as well as the development of CIA’s Cybersecurity Operations Center (CSOC).

Analyst Burnout Is an Advanced Persistent Threat

The secret use of other people's generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.

Source: Sergio Delle Vedove via Alamy Stock Photo

Sophisticated "LLMjacking" operations have obtained stolen access to DeepSeek models, just weeks after their public release.

LLMjacking, like proxyjacking and cryptojacking, involves the illicit use of someone else's computing resources for one's own purposes. In this case, it's individuals using popular and otherwise expensive large language models (LLMs) from OpenAI, Anthropic, etc., to generate images, circumvent national bans, and more, while passing the bill along to someone else.

Most recently, researchers from Sysdig observed hyperactive LLMjacking operations integrating access to models developed by DeepSeek. After the company released its DeepSeek-V3 model on Dec. 26, it only took LLMjackers a few days to obtain stolen access. Similarly, DeepSeek-R1 was released on Jan. 20, and attackers had it in their hands the very next day.

"This isn't just a fad anymore," Sysdig cybersecurity strategist Crystal Morin says of LLMjacking. "This is far beyond where it was when we first discovered it last May."

**How LLMjacking Works**

At scale, LLM usage can grow rather expensive. For instance, according to Sysdig's back-of-the-envelope calculations, 24/7 usage of GPT-4 could cost an account holder north of half a million dollars (though DeepSeek, at present, is orders of magnitude less expensive).

Related:Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini

In order to enjoy these models without having to incur their costs, attackers steal credentials for cloud services accounts, or application programming interface (API) keys associated with specific LLM apps. Then, they use scripts to verify that these do in fact provide access to a desired model.

Next, they incorporate that stolen authentication information into an "OAI" reverse proxy (ORP). ORPs bridge the user and the LLM, providing a layer of operational security.

The apparent forefather of ORPs, from which the name derives, was published on April 11, 2023. It has since been forked and configured on numerous occasions to incorporate new stealth features. Newer versions have incorporated password protections and obfuscation mechanisms — like making its website illegible until users disable CSS in their browsers — and eliminated prompt logging, covering up attackers' footsteps as they use the models. Proxies are further protected by Cloudflare tunnels, which generate random and temporary domains to shield the ORPs' actual virtual private server (VPS) or IP addresses.

New 4chan and Discord communities have flourished around ORPs, as people use illicit LLM access to generate NSFW content and imagery of other kinds, scripts of varying maliciousness, or just everyday stuff, like essays for school. And in countries like Russia, Iran, and China, regular people use ORPs to circumvent national bans on ChatGPT.

Related:'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks

**The Cost of LLMjacking to Account Holders**

Somebody, in the end, is going to pay for all computing resources used to generate NSFW images and school papers.

ORP developers don't want these bills to be too high, necessarily, or else their users' anomalous activity will more than likely raise alarms. To account for this, they build their programs on dozens, or even hundreds of different sets of credentials associated with different accounts. One ORP Sysdig recorded, for example, had incorporated 55 separate DeepSeek API keys, in addition to those associated with other artificial intelligence (AI) apps. By possessing many keys across many apps, ORPs can perform load balancing, spreading illicit usage as thinly as possible.

It doesn't always work out this way, though.

As Morin recalls, "I spoke a little bit with a Twitter user whose personal AWS account was compromised through LLMjacking. He woke up one morning and his $2 average monthly AWS bill — he \[mainly\] used it for email — spiked to $730 in two or three hours."

Related:AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Source: Crystal Morin via LinkedIn

Nobody knows exactly how the victim had his AWS credentials swiped, but he was already on his way to racking up a $20,000-plus bill. His lucky break was having cost alerts toggled on in AWS — they aren't on by default — allowing him to spot the anonymous activity early.

"He reached out to AWS customer support and asked them what was going on, and they had no idea. He did end up shutting off his account almost immediately, but there was a delay in the reporting of the cost. It ended up being, I think, between $10,000 to $20,000 total for about half a day's usage," Morin says.

AWS did end up bailing out the victim. Still, Morin warns, "You can imagine what a similar attack would do on an enterprise level, considering what could happen to just a single person."

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

LLM Hijackers Quickly Incorporate DeepSeek API Keys

Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.

Source: SOPA Images Limited via Alamy Stock Photo

NEWS BRIEF

SolarWinds, the software and IT company that faced a major supply chain cyberattack in 2020, today announced that it will be acquired by Turn/River Capital for $4.4 billion, or $18.50 per share.

Along with unanimous approval from its board of directors, the transaction also received written approval from Thoma Bravo and Silver Lake, SolarWinds' majority shareholders with a combined 65% of the outstanding voting securities.

SolarWinds will become a privately held company, no longer listed on the New York Stock Exchange, though it will continue to operate under the name SolarWinds and stay headquartered in Austin, Texas.

"This successful transaction and exciting partnership are testaments to our employees' outstanding work of building exceptional solutions and delivering great customer success," said Sudhakar Ramakrishna, president and CEO of SolarWinds, in a statement. "We are confident that Turn/River's expertise and growth orientation will help us ensure SolarWinds continues to drive innovation and deliver even greater value for customers and stakeholders."

**The Sunburst Attack Continues to Burn**

In 2020, roughly 33,000 of SolarWinds' customers were impacted in a major supply chain attack, affecting thousands of organizations as well as the US government. The breach targeted the SolarWinds Orion management system, where it is believed that Nobelium, a nation-state hacking group, gained access to the company's networks in September 2019.

The attackers inserted malicious code, known as Sunburst, into the Orion system, infecting a software update that led to the compromise of all software builds for versions 2019.4 HF 5 through 2020.1.1. More than 18,000 SolarWinds customers installed these updates, creating a domino effect in those that fell victim to the attack. Years later, in 2023, the Securities and Exchange Commission (SEC) charged SolarWinds and its CISO Tim Brown with fraud and internal control failures, alleging that by ignoring warnings about the company's vulnerable cybersecurity posture, Brown knowingly left the company unprotected.

This breach has had lasting impacts in the cybersecurity industry, and though the attack occurred nearly five years ago, the SEC continues to review the details. Last October, the SEC charged four companies — Unisys, Avaya Holdings Corp., Checkpoint, and Mimecast — for what the regulator said were intentional attempts to minimize the impact of the hack to their systems. It also vowed to deter other companies from submitting vague data breach disclosures after major events like SolarWinds.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

Source

DARKReading