New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. 😉🎁 📹 Video on YouTube, LinkedIn🗞 Post on Habr (rus)🗒 Digest on the PT website Content: 🔻 00:29 Spoofing – Windows […]

**New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches.** The competition for the best question on the topic of VM continues. 😉🎁

📹 Video on YouTube, LinkedIn  
🗞 Post on Habr (rus)  
🗒 Digest on the PT website

Content:

🔻 00:29 **Spoofing** – Windows NTLM (CVE-2024-43451)  
🔻 01:16 **Elevation of Privilege** – Windows Task Scheduler (CVE-2024-49039)  
🔻 02:16 **Spoofing** – Microsoft Exchange (CVE-2024-49040)  
🔻 03:03 **Elevation of Privilege** – needrestart (CVE-2024-48990)  
🔻 04:11 **Remote Code Execution** – FortiManager “FortiJump” (CVE-2024-47575)  
🔻 05:19 **Authentication Bypass** – PAN-OS (CVE-2024-0012)  
🔻 06:32 **Elevation of Privilege** – PAN-OS (CVE-2024-9474)  
🔻 07:42 **Path Traversal** – Zyxel firewall (CVE-2024-11667)  
🔻 08:37 Is it possible to Manage Vulnerabilities with no budget?  
🔻 09:53 Should a VM specialist specify a patch to install on the host in a Vulnerability Remediation task?  
🔻 10:51 Full digest of trending vulnerabilities  
🔻 11:18 Backstage

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

**Post navigation**← The results of 2024 About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112) →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

Source: Krot Studio via Alamy Stock Photo

A new jailbreak technique for OpenAI and other large language models (LLMs) increases the chance that attackers can circumvent cybersecurity guardrails and abuse the system to deliver malicious content.

Discovered by researchers at Palo Alto Networks' Unit 42, the so-called Bad Likert Judge attack asks the LLM to act as a judge scoring the harmfulness of a given response using the Likert scale. The psychometric scale, named after its inventor and commonly used in questionnaires, is a rating scale measuring a respondent's agreement or disagreement with a statement.

The jailbreak then asks the LLM to generate responses that contain examples that align with the scales, with the ultimate result being that "the example that has the highest Likert scale can potentially contain the harmful content," Unit 42's Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and Danny Tsechansky wrote in a post describing their findings.

Tests conducted across a range of categories against six state-of-the-art text-generation LLMs from OpenAI, Azure, Google, Amazon Web Services, Meta, and Nvidia revealed that the technique can increase the attack success rate (ASR) by more than 60% compared with plain attack prompts on average, according to the researchers.

The categories of attacks evaluated in the research involved prompting various inappropriate responses from the system, including: ones promoting bigotry, hate, or prejudice; ones engaging in behavior that harasses an individual or group; ones that encourage suicide or other acts of self-harm; ones that generate inappropriate explicitly sexual material and pornography; ones providing info on how to manufacture, acquire, or use illegal weapons; or ones that promote illegal activities.

Other categories explored and for which the jailbreak increases the likelihood of attack success include: malware generation or the creation and distribution of malicious software; and system prompt leakage, which could reveal the confidential set of instructions used to guide the LLM.

**How Bad Likert Judge Works**

The first step in the Bad Likert Judge attack involves asking the target LLM to act as a judge to evaluate responses generated by other LLMs, the researchers explained.

"To confirm that the LLM can produce harmful content, we provide specific guidelines for the scoring task," they wrote. "For example, one could provide guidelines asking the LLM to evaluate content that may contain information on generating malware."

Once the first step is properly completed, the LLM should understand the task and the different scales of harmful content, which makes the second step "straightforward," they said. "Simply ask the LLM to provide different responses corresponding to the various scales," the researchers wrote.

"After completing step two, the LLM typically generates content that is considered harmful," they wrote, adding that in some cases, "the generated content may not be sufficient to reach the intended harmfulness score for the experiment."

To address the latter issue, an attacker can ask the LLM to refine the response with the highest score by extending it or adding more details. "Based on our observations, an additional one or two rounds of follow-up prompts requesting refinement often lead the LLM to produce content containing more harmful information," the researchers wrote.

**Rise of LLM Jailbreaks**

The exploding use of LLMs for personal, research, and business purposes has led researchers to test their susceptibility to generate harmful and biased content when prompted in specific ways. Jailbreaks are the term for methods that allow researchers to bypass guardrails put in place by LLM creators to avoid the generation of bad content.

Security researchers have already identified several types of jailbreaks, according to Unit 42. They include one called persona persuasion; a role-playing jailbreak dubbed Do Anything Now; and token smuggling, which uses encoded words in an attacker's input.

Researchers at Robust Intelligence and Yale University also recently discovered a jailbreak called Tree of Attacks with Pruning (TAP), which involves using an unaligned LLM to "jailbreak" another aligned LLM, or to get it to breach its guardrails, quickly and with a high success rate.

Unit 42 researchers stressed that their jailbreak technique "targets edge cases and does not necessarily reflect typical LLM use cases." This means that "most AI models are safe and secure when operated responsibly and with caution," they wrote.

**How to Mitigate LLM Jailbreaks**

However, no LLM matter is completely secure from jailbreaks, the researchers cautioned. The reason that they can undermine the security that OpenAI, Microsoft, Google, and others are building into their LLMs is mainly due to the computational limits of language models, they said.

"Some prompts require the model to perform computationally intensive tasks, such as generating long-form content or engaging in complex reasoning," they wrote. "These tasks can strain the model's resources, potentially causing it to overlook or bypass certain safety guardrails."

Attackers also can manipulate the model's understanding of the conversation's context by "strategically crafting a series of prompts" that "gradually steer it toward generating unsafe or inappropriate responses that the model's safety guardrails would otherwise prevent," they wrote.

To mitigate the risks from jailbreaks, the researchers recommend applying content-filtering systems alongside LLMs for jailbreak mitigation. These systems run classification models on both the prompt and the output of the models to detect potentially harmful content.

"The results show that content filters can reduce the ASR by an average of 89.2 percentage points across all tested models," the researchers wrote. "This indicates the critical role of implementing comprehensive content filtering as a best practice when deploying LLMs in real-world applications."

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'Bad Likert Judge' Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform's OData Web API Filter, while the third vulnerability is rooted in the FetchXML

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

Researchers at FortiGuard Labs have identified a prolific attacker group known as "EC2 Grouper" who frequently exploits compromised credentials using AWS tools.

****SUMMARY****

*   **EC2 Grouper Identified:** Researchers found EC2 Grouper exploiting AWS credentials and tools using distinct patterns like “ec2group12345.”

*   **Credential Compromise:** They primarily obtain credentials from code repositories tied to valid accounts.

*   **API Reliance:** The group avoids manual activity, using APIs for reconnaissance and resource creation.

*   **Detection Challenges:** Indicators like naming conventions and user agents are unreliable for consistent detection.

*   **Security Recommendations:** Use CSPM tools, monitor for credential misuse, and detect unusual API activity to mitigate risks.

Cloud environments are **constantly under attack**, with sophisticated threat actors employing various techniques to gain unauthorized access. One such actor, dubbed _EC2 Grouper_, has become a notable adversary for security teams.

According to the latest research from Fortinet’s FortiGuard Labs Threat Research team, this group is characterized by its consistent use of **AWS tools** and a unique security group naming convention in its attacks. Researchers tracked this actor in several dozen customer environments due to similar user agents and security group naming conventions. 

The latest revelation comes amid increasing exploitation of AWS infrastructure by top hacker groups. In December 2024, **reports revealed** that ShinyHunters and the Nemesis Group collaborated to target misconfigured servers, particularly AWS S3 Buckets.

EC2 Grouper typically initiates attacks by leveraging AWS tools like PowerShell, often employing a distinctive user agent string. Furthermore, the group consistently creates security groups with naming patterns like “ec2group,” “ec2group1,” “ec2group12,” and so on. Also, they frequently use code repositories to acquire credentials in their cloud attacks, often originating from valid accounts. This method is believed to be the primary method of credential acquisition.

Further probing revealed that Grouper uses APIs for reconnaissance, security group creation, and resource provisioning, avoiding direct actions like inbound access configuration.

While these indicators can provide initial clues, they are often insufficient for reliable threat detection, researcher Chris Hall noted in the **blog post**, shared with hackread.com. That’s because relying solely on these indicators can be misleading. Attackers can easily modify their user agents and may deviate from their usual naming conventions. 

Researchers did not observe calls to AuthorizeSecurityGroupIngress, which is essential to configure inbound access to EC2 launched with the security group, but they observed CreateInternetGateway and CreateVpc for remote access.

Moreover, no actions have been based on objectives or manual activity in a compromised cloud environment. EC2 Grouper may be selective in their escalation or compromised accounts were detected and quarantined before they escalated.

Screenshot: FortiGuard Labs

Still, researchers note that by analysing signals like credential compromise and API usage, security teams can develop a reliable detection strategy and help organizations defend against sophisticated adversaries like EC2 Grouper. They suggest that a more effective approach would be monitoring for suspicious activity related to legitimate secret scanning services to identify potential credential compromises, which are the primary source of access for EC2 Grouper.

To stay safe, organizations must also utilize Cloud Security Posture Management (CSPM) tools to monitor and assess your cloud environment’s security posture continuously. Implementing anomaly detection techniques to identify unusual behaviour within the cloud environment, such as unexpected API calls, resource creation, or data exfiltration can also help. 

1.  **Hackers Use Fake PoCs on GitHub to Steal AWS Keys**
2.  **New APT Group “Unfading Sea Haze” Hits Military Targets**
3.  **TA866 Linked to WarmCookie Malware in Espionage Campaign**
4.  **Builder.ai Database Misconfiguration Exposes 1.29TB of Records**
5.  **Russian Cozy Bear Phish Critical Sectors with Microsoft, AWS Lures**

FortiGuard Labs Links New EC2 Grouper Hackers to AWS Credential Exploits

The fast growing region has its own unique cyber issues — and it needs its own talent to fight them.

Source: Panther Media via Alamy Stock Photo

COMMENTARY

The Middle East is undergoing a digital transformation that is as rapid as it is remarkable. Tech multinationals are investing big in the region as Dubai, Riyadh, and Abu Dhabi strive to establish themselves as global innovation hubs.   

But this increased digitization comes with an increased risk of cyberattacks — and businesses throughout the Middle East are at risk of being caught with their guard down.

The pace of digital growth in countries throughout the Middle East has far outstripped cybersecurity talent in the region, leaving organizations fatally exposed. While some businesses resort to outsourcing their cybersecurity measures to tech giants and their tools, this hands-off approach is risk-prone.

The Middle East now sits squarely in the firing line. With cyberattacks emboldened by AI, robust cybersecurity defenses are more crucial than ever. Businesses must move away from outsourcing and focus on building strong in-house defenses by investing in tool-based approaches and heavily leveraging in-house hiring, upskilling, and talent retention practices.

**Victims of Their Own Success?**

The commercial success of locations like Dubai, Abu Dhabi, and Saudi Arabia has transformed them into potential hotbeds for cybercrime. Distributed denial-of-service (DDoS) attacks on Middle Eastern countries have risen 75% in the past year, with the UAE and Saudi Arabia taking the brunt of the blow. 

Related:Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel

The UAE alone falls victim to around 50,000 cyberattacks a day. And it comes at a cost: in 2023, cyberattacks cost businesses, organizations, and public bodies more than $8 million per incident.

The uptick in cyberattacks is only exacerbated by changing patterns in the cybercrime landscape. The rise of AI has lowered the barrier to entry for would-be hackers, allowing those with even the most novice skills to carry out a full-scale attack. Meanwhile, the proliferation of cybercrime as a service (CaaS), offering services like DDoS-for-hire, means threat actors now need little more than an intention to launch a cyberattack. In this new era of cybercrime, where there's a will, there's a way.

The current cybersecurity skills gap seen throughout the Middle East is leaving companies exposed and vulnerable to bad actors. Over half the companies in the EMEA region have attributed cybersecurity breaches to a lack of skills and training, while 70% of business leaders believe that skills shortages create a whole host of additional cybersecurity risks for companies to address.

**AI Muddles Outsourced Security Equation**

Related:DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks

Too many businesses attempt to remedy this lack of talent by outsourcing their cybersecurity to third parties. While this might have been effective when countries like the US were the main target for threat actors, that's no longer the case.   

The rise of AI-enhanced cyberattacks presents a new host of threats that businesses outsourcing cybersecurity won't necessarily be able to tackle. Not only has AI made it easier for threat actors to carry out cyberattacks, it's also made the attacks themselves more sophisticated and more malicious.

AI-enhanced malware is stealthier, making it harder to detect a breach of IT infrastructure. Automated phishing attacks enable bad actors to target a larger number of potential victims, while the phishing attacks themselves are highly tailored to their targets.

It is crucial that Middle Eastern businesses — particularly those in the UAE and Saudi Arabia — are on top of their cybersecurity measures. They cannot sit back and outsource cybersecurity with the assumption that the risk is also transferred. Instead, they must take an active approach to their cybersecurity measures by building up a strong in-house cybersecurity team that can identify, respond to, and deal with threats in an effective and timely manner. 

Related:South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel

Bringing cybersecurity in-house mitigates the risks that can crop up when relying on outsourced defenses, such as slow response times. Instead, in-house cybersecurity teams will have their fingers on the pulse of the business's security framework, as well as a thorough understanding of business specifics, enabling them to react quickly to threats.

But to achieve this, businesses must invest heavily in new and pre-existing IT talent to close the Middle East's skills gap — and this should be done with a particular focus on hiring and retention practices.

**Retention Is Tough in Smaller Talent Pool**

Over half of organizations globally say they struggle to recruit candidates with cybersecurity experience. Difficulties in hiring cybersecurity talent are compounded by trouble retaining cybersecurity staff, throwing employers into a vicious cycle of hiring and re-hiring. In the Middle East, where the digital economy is still young, this is of particular concern — the talent pool is finite, and companies cannot afford to lose out on promising employees.   

To combat this, corporations in the Middle East should turn their attention to the fresh talent coming out of universities throughout the Middle East and around the world. By forming partnerships with universities and offering attractive graduate schemes, businesses can tap into dense talent pools brimming with promising cybersecurity talent.

Graduates are eager to learn and willing to mold to the company ethos, making them the ideal choice for corporations looking to build up a dedicated in-house cybersecurity team.

Investing in apprenticeship schemes is another option for companies. Although more hands-on, companies will be able to train candidates from the ground up, ensuring the candidate's skills and knowledge are strongly aligned with the business's cybersecurity needs.

**Learning & Development Must Be Fostered**

Retaining this talent is just as crucial as bringing them on board in the first place.  Alongside the usual retention tactics, such as competitive pay packets and desirable benefits, companies must invest heavily in continuous learning and development (L&D) opportunities throughout the employee's career.  

Poor training — or a lack of training altogether — is a surefire way to lose employees. Conversely, 94% of employees say they would stay longer with an employer that invested in L&D. In a fast-changing, continually developing industry like cybersecurity, L&D is especially vital.

Investing in training sessions and development courses for cybersecurity employees will ensure they're kept up to date with any changes in the threat and security landscape. And, in the process, employees will feel as if the company is giving them opportunities to develop their skills and abilities, rounding them out into highly experienced cybersecurity professionals.

Investing in staff as a cybersecurity tactic shouldn't begin and end with cybersecurity staff. Deploying a company-wide cybersecurity upskilling program is a vital first step — and a simple way of ruling out one of the greatest causes behind cybersecurity breaches: human error. Negligence, a lack of awareness, or simple mistakes can lead to vulnerabilities and breaches, even in the most robust systems. Upskilling is a vital step companies must take to mitigate this risk.

With the rising rate of cyberattacks in the Middle East, corporations cannot afford to sit back and wait until they become the next big victim of a data breach or DDoS attack.

Companies can't rely solely on third-party cybersecurity measures — they must build up comprehensive in-house defenses. Businesses need to act now and double their investments in cybersecurity talent, paying particular mind to up-and-coming graduate talent.

**About the Author**

Founder, PG Advisors Ltd.

Partha Gopalakrishnan is a leading business transformation expert with more than 25 years of experience directing global teams to drive digital growth. He also has his own firm, PG Advisors, which offers board advisory and non-executive director services for prominent analysts and PE Firms. 

Partha has served in executive leadership positions with some of the world’s largest technology firms and global systems Integrators, including 17 years with Infosys, followed by a tenure at Tech Mahindra. He has completed executive education programs at the Stanford University Graduate School of Business and The Wharton School of the University of Pennsylvania.

Cybersecurity Lags in Middle East Business Development

Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment.
"Exploiting these flaws could allow attackers to gain persistent access as shadow administrators

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

SUMMARY A recent report from the German news outlet Spiegel has revealed a significant security breach impacting hundreds…

****SUMMARY****

*   Sensitive data for 800,000 Volkswagen Group EVs was exposed on an unsecured cloud server.

*   The data leak, discovered by a whistle-blower, included GPS data and vehicle status, enabling owner tracking.

*   Affected users included politicians, police, and intelligence employees, with most vehicles in Europe.

*   The data leak revealed personal routines and locations, posing serious privacy risks.

*   The issue stemmed from Cariad’s system misconfiguration, which has since been addressed.

A recent report from the German news outlet Spiegel has revealed a significant security breach impacting hundreds of thousands of Volkswagen Group electric vehicle owners. The investigation found that sensitive location data for 800,000 vehicles, including those from Volkswagen, Audi, SEAT, and Skoda, was left exposed on an unsecured cloud server for months. 

The vulnerability was discovered by an anonymous whistle-blower and reported to the Chaos Computer Club (CCC), a prominent European hacker association. The exposure included personal data, including GPS coordinates and vehicle status, including detailed information about VW ID.3 and ID.4 owners stored on an unsecured Amazon cloud server. This allowed anyone with the right know-how to track the movements and habits of affected owners. 

https://berlin-ak.ftp.media.ccc.de//congress/2024/h264-hd/38c3-598-deu-Wir\_wissen\_wo\_dein\_Auto\_steht\_-\_Volksdaten\_von\_Volkswagen.mp4

Reportedly, the impacted EVs were located worldwide with the majority found in Germany and other parts of Europe. The affected owners not just include ordinary citizens but also prominent figures like German politicians, police officers, and even suspected intelligence service employees just like in October 2023 when a third-party contractor exposed over 500,000 Irish Police vehicle seizure records.  

This exposure extended far beyond simple vehicle location tracking. By linking vehicle data with other personal information, the researchers were able to gain unprecedented insights into the daily lives of affected owners.

For example, according to Spiegel’s report, it was able to track the movements of two German politicians with alarming precision, pinpointing their locations at various locations including a retirement home and military barracks, and profiling a mayor with her car tracking her movements from her work to her physical therapist.

That’s not all! Spiegel discovered terabytes of data on Amazon cloud storage, including the precise location of 460,000 vehicles, which could reveal crucial details of their owners. Moreover, the data also included information about the Hamburg police department’s electric cars, politicians, business leaders, Federal Intelligent Services employees, and the US Air Force’s Ramstein Air Base drivers.

The root of this security failure lies within Cariad, the Volkswagen Group’s software division. The company confirmed that a misconfiguration within their systems allowed unauthorized access to the sensitive data.

While Cariad insists that no financial or personally identifiable information was compromised, the potential for misuse of the exposed location data remains a significant threat. Cybercriminals could exploit this information for a variety of malicious purposes, including targeted stalking, blackmail, and even physical attacks.  

The CCC promptly contacted Lower Saxony’s State Data Protection Officer, Federal Ministry of the Interior, and other security bodies, and gave VW Group and Cariad 30 days to address the issue before going public. Cariad’s technical team promptly and responsibly blocked unauthorized access to customer data.

1.  **Cicada3301 Ransomware Hits French Peugeot Dealership**
2.  **Fuel Industry Software Provider Exposes SSNs and PII Data**
3.  **Builder.ai Database Exposes 1.29 TB of Unsecured Records**
4.  **Microsoft Power Pages Expose Millions of Records Globally**
5.  **13GB Data of Automobile Insurance Giant AA Exposed Online**

Exposed Cloud Server Tracks 800,000 Volkswagen, Audi, and Skoda EVs

From Elon Musk and Donald Trump to state-sponsored hackers and crypto scammers, this was the year the online agents of chaos gained ground.

For its entire existence as a global medium, the internet's evolution has been caught in a tug of war, pulled by opposing forces: on one side, moderation and control; on the other, disruption and anarchy.

This year, the most prominent actors weighing in on the side of disruption were familiar faces: The reckless oligarchs, cybercriminals, scammers, and state-sponsored hackers who made the internet feel particularly dangerous in 2024 were, to some degree, the same forces destabilizing the online world in 2023. But perhaps more than in any other recent year, those agents of chaos seemed to persist in the face of opposition, to grow in their influence—and to win.

From Elon Musk's completed remake of X in his own tech-bro image to Trump's disinformation-fueled campaign, to Russia's ongoing cyberattacks against Ukraine, to China's relentless onslaught of digital intrusions and crypto scammers' global spread, the online experience of 2024 was messy, hazardous, and Hobbesian. And for the most part, the people who made it that way are poised to exert even more influence over the year to come.

As we do every year, WIRED has assembled a list of the most dangerous people, groups, and organizations on the internet. Here are our picks for 2024.

**Elon Musk**

After years of evolution from entrepreneur to edgelord, Musk seemed to reach his final form this year in the run-up to November's US election. Once a technologist with ambiguous politics who occasionally pursued public arguments against scuba divers, Musk now uses his megaphone of 200-million-plus followers on X, the social media platform he fully controls, to broadcast an unrelenting stream of anti-regulation, anti-immigrant, anti-transgender, anti-press, anti-progressive talking points. He's amplified and repeated disinformation, like claims after the disastrous damage done by Hurricanes Helene and Milton that the Federal Emergency Management Agency (FEMA) was hoarding supplies or had spent its budget on migrants instead of needy Americans. He's repeated debunked theories about voter fraud and immigrants swinging elections. In at least one case, he's even seemed to drop a reference that suggest support for the QAnon movement, which maintains bizarre theories about satanic pedophile rings that only Donald Trump can destroy.

Meanwhile, Musk continues to push his AI startup, xAI, toward one of the most no-holds-barred visions of what that technology can make possible, with little regard for safety or preventing its use for disinformation. The company this year launched new image-generation capabilities in its Grok tool that were immediately used to create images of copyrighted characters, celebrities, and political figures in compromising or sexual positions. Musk himself at one point posted an AI-generated deepfake of Kamala Harris that mocked her with her own voice—with no annotation that it was not authentic—that received 150 million views.

More than any particular political message or technology he's pushed, however, the danger Musk represents is simply that the richest man in the world can buy one of the internet's most vital media platforms, then use it, along with hundreds of millions of dollars in donations, to elect the president of his choosing and shape US policy. After Trump's election, Musk was rewarded with hundreds of billions more in net worth. The system, in other words, is working—for oligarchs like Elon Musk.

**Donald Trump**

For the next four years, Donald Trump will once again be the most powerful single person in the world. This year, he was just a very loud one. On social media platforms like X—where Musk reinstated Trump's account despite a 2021 ban following his incitement of the January 6 storming of the US Capitol—and Trump's own Truth Social, he lit fires with false claims that arguably helped fuel his path to political victory. Like Musk, he made and repeated falsehoods such as FEMA spending its budget on immigrants rather than hurricane victims, or that immigrants were stealing and eating pets. By converting Robert F. Kennedy Jr. from a third-party candidate to an endorsing ally, Trump also reciprocally endorsed RFK Jr.'s long-running stream of anti-vaccine misinformation, rhetoric that has led to childhood vaccine rates now dipping to a lower level than before the Covid-19 pandemic.

Once his second term in office begins, Trump is poised to use digital surveillance to carry out a highly disruptive and even vindictive agenda: He's promised mass deportations of millions of immigrants starting on day one of his administration, and he's vowed to target political opponents and journalists with prosecution. There's little doubt that Trump will top this list in 2025. But in 2024, his words alone represent a clear and present danger.

**Volt Typhoon**

In the cybersecurity world, the last months of 2024 have been dominated by warnings from public officials about a Chinese state-sponsored hacking group known as Salt Typhoon, which has penetrated at least eight telecoms, in some cases accessing the real-time calls and texts of Americans. But in the midst of that cyberespionage scandal, a different, far more dangerous digital threat from China still quietly looms: A Chinese state-sponsored group called Volt Typhoon spent much of 2024 continuing its stealthy campaign to breach US critical infrastructure facilities—not to spy on communications, but to prepare for a potential cyberattack. While headlines about Volt Typhoon have largely dissipated since it was first called out and named by Microsoft in May of 2023, officials warn that the group continues to “pre-position” itself inside of networks that appear to be chosen for maximum disruption, perhaps timed to a Chinese invasion of Taiwan. Given that Chinese head of state Xi Jinping has told his country's military to be prepared for that invasion by 2027, now is the time to head off the digital salient of what could be a world-shaking future war.

**Sandworm**

While Volt Typhoon prepares, Sandworm attacks. The Russian hacking group, a unit of the country's GRU military intelligence agency, has in fact carried out many of the most disruptive cyberattacks of the past decade. Those attacks—mostly in Ukraine—include at least three blackouts triggered by its hacking, the destructive NotPetya malware that spread around the globe and inflicted $10 billion in damage, and countless data-destroying breaches that the group has carried out since the beginning of Russia's full-scale invasion of Ukraine in 2022. In 2024, as Russia fought Ukraine to a stalemate or regained territory in the east of the country, Sandworm continued to project its power beyond that front: Security firm StrikeReady discovered Sandworm targeting Ukraine's energy sector again this fall, perhaps in preparation for another round of electrical utility hacking, either to carry out its own attacks or as reconnaissance for the Russian military's now-annual physical bombing of Ukraine's grid.

**Israeli Military and Intelligence**

Last year, WIRED named both the IDF and Hamas on this list, a nod to each side's use of the internet in its propaganda efforts in the war in Gaza following Hamas' October 7 attack. This year, with Israel's adversaries in that conflict like Hamas and Hezbollah significantly weakened and in retreat, it's the Israeli forces that remain on the offensive. Israel's military continues to use AI tooling to identify targets for bombs as its strikes have killed tens of thousands of Gazan civilians and leveled entire cities in the territory. Israeli missiles continue to intermittently knock out Gaza's communications infrastructure, destroying 80 percent of the country's top telecom's cell towers and leading to information blackouts amid the destruction and starvation of that now year-plus siege. Add to all of that a still-mysterious Israeli supply chain attack that hid lethal explosives in pagers and walkie-talkies in an effort to target Hezbollah operatives, which led to immediate distrust of all communications devices in the country, and Israel's government forces remain an internet apex predator by any definition.

**Black Cat/AlphV/RansomHub**

Ransomware in 2024 was, again, one of the most abhorrent forms of cybercrime to blight the internet. But few ransomware attacks in history have been quite as dangerous and damaging as the one that targeted UnitedHealthcare subsidiary Change Healthcare early this year, carried out by a ransomware group known as Black Cat or AlphV. Even after extracting a $22 million ransom from the company—a payment processor that handles around 40 percent of all health care insurance claims across the US—the hackers' disruption of Change's network continued to prevent the company from completing payments to pharmacies, clinics, health care practices, and hospitals across the country for weeks, causing some to even go out of business. Then, as if it hadn't inflicted enough chaos, AlphV ran off with Change's ransom money instead of sharing it with a group of hackers with whom it had partnered to infiltrate the company. That led the jilted hackers to share the data stolen from Change Healthcare with another, newer ransomware crew called RansomHub, which extorted the company a second time—an unprecedented health care cybersecurity debacle.

**The Com**

Even in an age of state-sponsored Chinese cyberspies, Russian hacker saboteurs, and ransomware gangs, nihilistic young hackers remain a constant in the darker corners of the internet. And few of those corners are as dark as the ones frequented by the Com. The loose movement of online trolls and criminals who operate under the Com banner in channels on Telegram and Discord, many just in their teens, engage in some of the most despicable digital crimes possible, from petty crypto theft and ransomware to sextortion, harassment, and the creation and trade of child sexual abuse material. This year, several members of a Com subgroup of ransomware hackers known as Scattered Spider were arrested, following their alleged high-profile 2023 attacks on companies including Caesar's Entertainment and MGM Resorts. But other members of the group are allegedly responsible for the serial breaches of well over a hundred customers of the cloud provider Snowflake. It's a safe bet that the Com will continue to serve as a haven for plenty more criminal acts to come.

**Data Brokers**

Once, privacy fears centered on government agencies like the FBI and NSA and their ability to carry out mass surveillance worldwide. Now, increasingly, we give away that same surveillance data en masse to companies you've never heard of. This year, it came to light that several data brokers collect and then sell access to Americans' highly granular location data pulled from their phones. Surveillance services like Babel Street's LocateX allegedly can—and do—track visitors to sensitive locations abortion clinic or mosques. A data broker called Near Intelligence left a vast cache of location data exposed online, revealing the movements of hundreds of visitors to sex trafficker Jeffrey Epstein's island in the Caribbean. Reporting on both companies has demonstrated how much private location data our devices leave behind as revelatory digital detritus, and how the possession of that data now extends far beyond government agencies to little-known firms with highly questionable privacy and security practices.

**Character.AI**

If 2023 was the year that AI tools future-shocked the internet with their seemingly abrupt rise to prominence, 2024 was the year that those tools became normalized, quietly settling into common use in spite of all their alleged flaws and ethical problems. Yet those issues are still there, and perhaps no startup better exemplifies them than Character.AI, an AI firm backed by $2.7 billion in investment from Google. According to lawsuits filed in Texas and Florida against the company, its chatbots have encouraged children to engage in self-harm and violence against their parents, and allegedly contributed to 14-year-old dying by suicide. Other chatbots hosted by the company have allegedly coached kids into developing eating disorders, role-playing as school shooters, and even seemed to be sexually grooming them. Despite repeatedly vowing to implement age restrictions, no meaningful age safeguards appear to have been added even now, according to news outlet Futurism. If this is the future of artificial intelligence, the AI era is going to be a dark age indeed.

**Crypto Scammers**

The crypto-based investment scams known as “pig butchering”—a term experts now say should be retired because it can further harm victims—pulled in a staggering $37 billion in 2023, and likely more in 2024. The victims of that explosively growing form of crimes aren't just those who fall for its scams and lose their life savings, but also many of the perpetrators of the scams themselves: As many as 200,000 people have been enslaved in compounds across Southeast Asia and forced to carry out the fraud schemes. In some cases, they've been kept in electrified shackles and faced threats of cattle prods and beatings from the gangs overseeing their work. This year, the dystopia those scammers have ushered in has begun to spread worldwide, with operations cropping up in the Middle East, Eastern Europe, Latin America, and West Africa. The targets of their fraud, of course, are even more global. Crypto scams have already become a top-tier form of cybercrime, and there's no end in sight to the expansion of this predatory underworld industry.

The Most Dangerous People on the Internet in 2024

Organizations in the region should expect to see threat actors accelerate their use of AI tools and mount ongoing "harvest now, decrypt later" attacks for various malicious use cases.

Source: Tero Vesalainen via Shutterstock

If incidents this year are any indication, deepfakes and “harvest now, decrypt later” attacks spurred by the growing adoption of quantum computing projects are among the many concerns that organizations in the Asia-Pacific (APAC) region will need to deal with in 2025.

Over the past year, cybercriminals operating in the APAC region have increasingly leveraged AI to launch sophisticated campaigns — such as AI-generated phishing emails, adaptive malware, and deepfakes. The attacks have undermined trust in critical communications and exacerbated social tensions, says Clement Lee, security architect and evangelist at Check Point Software Technologies, Asia Pacific.

**An Increase in Deepfakes & Quantum Computing-Related Cyberattacks**

"This was starkly demonstrated during recent elections seen across APAC: in India where deepfakes fueled widespread disinformation; in Indonesia, where a doctored deepfake video aimed to stir anti-China sentiment; and in Hong Kong, a finance worker who was duped into sending $25 million by a deepfake impersonation of company executives," Lee says. As these tactics start extending from political spheres into the corporate realm, businesses must adopt AI-driven security defenses to counter them, Lee notes.

Simon Green, president of Asia, Pacific, and Japan at Palo Alto Networks, described the APAC region as being on the cusp of a "perfect storm of AI-driven cyber threats" heading into 2025. Attacks featuring deepfake audio and video will likely be the most visible manifestations of the trend, he noted.

Related:Middle East Cyberwar Rages On, With No End in Sight

"We can expect deepfakes to be used alone or as part of a larger attack much more often in 2025," Green said. The use of audio deepfakes in particular is likely to increase over the next 12 month, as technology for highly credible voice cloning becomes more easily accessible.

**AI-Focused Cybersecurity Preparations**

Expect also to see more organizations in the APAC region looking for ways to better protect their data as they implement AI-enabled projects.

"Our customers are asking how they can get more value out of their data, while maintaining robust security, especially as they look to benefit from GenAI products like Microsoft Copilot," adds Max McNamara, vice president and managing director Australia and New Zealand at AvePoint.

"This starts with having secure, accessible data, ensuring you can scale with solutions that don't compromise your security posture, and rigorously adhering to increasingly complex regulatory standards," he says. APAC organizations will increasingly be looking to ensure their data is not just accessible, but also fundamentally secure within their borders, he notes.

Related:'Dubai Police' Lures Anchor Wave of UAE Mobile Attacks

"Our customers are asking how they can get more value out of their data, while maintaining robust security, especially as they look to benefit from GenAI products like Microsoft Copilot," McNamara says, adding that this starts with having secure, accessible data, ensuring you can scale with solutions that don't compromise your security posture, and rigorously adhering to increasingly complex regulatory standards.

**Quantum Projects Will Drive Increase in Harvest Now, Decrypt Later Attacks**

The growing number of quantum computing projects in the APAC region is likely going to fuel an increase in "harvest now, decrypt later" attacks as well. Such attacks involve adversaries collecting and storing currently encrypted data with the intention of decrypting it in the future, when quantum computers become powerful enough to break today's encryption standards. The attacks pose a significant threat to sensitive information that needs to remain secure for extended periods of time.

According to Fortune Business Insights, Asia Pacific is the fastest growing quantum computing market in the world, with multiple companies including IBM, Microsoft, Google, Alibaba, Baidu, JSR, and D-Wave systems currently involved in large regional quantum software and hardware projects. One example is a new quantum computing cloud platform that Alibaba has deployed in collaboration with the Chinese Academy of Sciences. Some quantum projects in the APAC region are happening at a national level, such as India's US-funded National Mission on Quantum Technologies & Applications, and Singapore's Quantum Engineering Programs.

Related:Governments, Telcos Ward Off China's Hacking Typhoons

"The advent of quantum computing threatens to render current encryption standards obsolete, risking exposure of sensitive data and compromising critical infrastructure," Lee says. "Quantum-resistant cryptography will gain traction as organizations prepare for future decryption threats."

Organizations in the APAC region should expect increased interest in harvest now, decrypt later attacks from a wide range of adversaries, including nation-state-backed threat actors, according to Palo Alto Networks' Green. The attacks will pose a threat to governments and businesses, civilian and military communications, critical infrastructure, and organizations developing quantum projects, Green said. Organizations concerned about the trend should develop a quantum resistant road map that includes deployment of quantum resistant tunnelling, stronger crypto libraries and quantum key distribution, according to Palo Alto Networks.

Richard Sorosina, chief technology security officer and vice president of solution architecture at Qualys' EMEA & APAC operations, believes that the fast-evolving and increasingly sophisticated nature of the APAC threat landscape will likely accelerate ongoing consolidation of security capabilities at many organizations in the region. He expects organizations will increasingly move toward a unified security platform approach that will provide both a centralized view of risk across the organization and mechanisms to remediate that risk when found. Many of these efforts will be "driven by a need to reduce complexity, increase operational efficiency, enhance detection and response capabilities, and reduce overall cost," Sorosina says.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Deepfakes, Quantum Attacks Loom Over APAC in 2025

Secure Gaming during holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions,…

Secure Gaming during holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions, use secure downloads, and trust verified tools to enjoy safe, uninterrupted gameplay.

The holiday season is a time of joy for gamers, with more free time to play, exciting events, and in-game promotions. However, this festive period comes with higher risks of cyberattacks than any other period of the year.

Studies by Wowvendor, a company dealing in WoW services, indicate that hackers increase their activity by 50% during the holidays and especially prey on gamers via malware and phishing. This article will detail these risks and give some useful advice on how to enjoy gaming without compromising your account security.

****The Rise of Cyber Threats During Holidays****

The gaming community gets busy during the holidays. Unfortunately, cybercriminals find this an attractive target. The key reasons for increased risks are as follows:

*   **Increased player traffic** – A large consumer base of online gaming creates, in turn, more opportunities for hackers to exploit vulnerabilities.
*   **Attractive holiday promotions** – Many players get tricked into fake giveaways and deals, without knowing it compromises their data security.
*   **Malware in pirated games** – Most of the time, hackers put harmful software inside cracked versions of popular titles.

For instance, cybersecurity companies have informed that the number of phishing emails with “in-game rewards notifications” and “discount offers” have spiked around the times of past holiday seasons. These examples of threats put the importance of vigilance during peak gaming hours deeper into focus.

****Common Cyber Threats to Gamers****

Cyber threats range from gaming cyber attacks and data security incidents to DDoS attacks. This will likely impact some players more and possibly their performance during peak gaming periods. Understanding these dangers can help players stay protected:

****Fake add-ons, mods and Phishing schemes** **

Hacks through counterfeit mods are common in games such as World of Warcraft. Hackers distribute these infected mods using counterfeit mods and give the malware the chance to steal login credentials or infect the device they’re playing on. Additionally, fraudulent links and websites trick people into providing personal information or downloading malicious software.

****DDoS attacks** **

The gaming industry is seeing a lot of DDoS attacks (distributed denial of service attacks), wherein hacker group gets a network of infected devices (botnet) that perform a network DDoS attack to inundate a game server or a group of players with a massive amount of traffic. This overload disrupts the server or network connection and has broken the game so that normal users can’t even get in.

These attacks send many requests and place a heavy load onto the server. Hackers aim at certain players’ IP addresses and try to degrade their connection, or that of the player behind it, to give themselves an in-game advantage. This type of targeted interference disrupts competitive gameplay and can negatively impact a game’s experience for the player.

Additionally, the number of ransomware attacks against gaming accounts has risen as well. They involve locking players out of their accounts and asking for payment to access them. When you are faced with unfamiliar software or links, it’s best to stay awake and alert to risks.

****Best Practices for Secure Gaming****

A large number of cyber attacks on gamers can stem from unauthorized downloads, according to leading cyber security firm Kaspersky. To enjoy your games safely during the holidays, follow these cybersecurity tips:

*   **Download software from official sources** — Do not download games or updates from untrusted websites — they can hide malware.
*   **Use two-factor authentication (2FA)** — It simply gives you extra protection for your gaming accounts.
*   **Verify promotional offers** — Don’t accept offers that are simply too good even to be true. There are always official channels for you to confirm their legitimacy.
*   **Avoid cracked games** — First and foremost pirated games are illegal, and they’re dangerous for security reasons too.

Working with your use of strong, unique passwords across all your accounts, these measures can go a long way toward mitigating your risk of being victimized in this way.

****The Role of Gaming Companies****

Leading gaming companies have stepped up their efforts to combat cyber threats. Their initiatives include:

*   **Enhanced security systems** – AI detecting and blocking unusual activity on gaming networks.
*   **Regular updates and patches** – Time and time again, developers release updates to patch vulnerabilities, and protect players with updates.
*   **Player education** – Many platforms offer users a way of recognizing and preventing scammers.

For instance, World of Warcraft’s creators, Blizzard Entertainment, is constantly monitoring its ecosystem for threats and expelling them while at the same time urging players to use solutions, for example, 2FA. Machine learning has been introduced into other companies, such as Valve and Riot Games, in an attempt to detect possible hacking through in-game behaviours.

****Advanced Cybersecurity Tools for Gamers****

Gamers now have access to cutting-edge cybersecurity solutions tailored to safeguard their online experience:

*   **Gaming-optimized VPNs** – VPN services will make sure that you have safe, encrypted connections while reducing latency and optimizing the routing of the server. It shields against DDoS attacks and keeps the gameplay smooth.
*   **Anti-phishing extensions** – Google Safe Browsing and Microsoft Defender SmartScreen are tools that actively block malicious sites and alert players that a phishing page is attempting to lure them into a trick.
*   **Behavioural analytics and anti-cheat systems** – Dedicated platforms use machine learning to analyze login patterns and in-game behaviour, detecting anomalies like hacking or unauthorized access.
*   **DDoS mitigation services** – Distribution denial-of-service attacks that cause gaming servers to stop working are identified and neutralized by Cloudflare, Akamai Prolexic, and other companies that protect gaming servers so that gamers can continue enjoying online sessions uninterrupted.

With these state-of-the-art tools, gamers will be protected from changing threats, which will protect gaming for the holidays and beyond.

****Stay on the Safe Side****

The holiday season is a wonderful opportunity to connect with your favourite games and communities. While cyber threats do increase during this period, staying informed and adopting secure practices can protect your gaming experience. From using official platforms to enabling two-factor authentication, every step you take helps reduce risks.

Gaming companies are also playing their part by providing services and insights that enhance player safety. By working together and staying alert, gamers can fully embrace the holiday spirit, free from cybersecurity concerns.

1.  What is Blockchain Gaming and its Play-to-Earn Model?
2.  Exploring Data Privacy and Security in B2B Gaming Data
3.  The Rise of Blockchain Gaming and Secure Marketplaces
4.  Winos4.0 Malware Targeting Windows via Fake Gaming Apps
5.  Gcore Thwarts 500 Million PPS DDoS Attack on Gaming Company

Tag

#microsoft