The consortium of private companies and academia will focus on ways to protect hardware memory from attacks.

Source: Science Photo Library via Alamy Stock Photo

A new chip security consortium named CHERI Alliance is focused on protecting data stored in hardware memory from cyberattackers.

The alliance backs a protection model that isolates the hardware and software to prevent hackers from injecting code into memory that would allow them to take over systems or steal data.

"Memory issues represent approximately 70% of the routes taken by cyber attackers," said CHERI Alliance in a statement.

CHERI is an acronym for Capability Hardware Enhanced RISC Instructions. The alliance will formally launch in September.

Memory issues are usually addressed through software techniques or coarse-grained hardware memory protection, says alliance spokesperson Tora Fridholm.

"These methods either leave holes or are not very practical," Fridholm says. "What is unique about CHERI is that the technology adds fine-grained memory protection, with the ability to prevent these issues completely without adding a major overhead."

The alliance focuses on securing memory in ARM, MIPS, and RISC-V architectures, which dominate edge devices.

The backing entities include University of Cambridge, the FreeBSD Foundation, Capabilities Limited, lowRISC, and SCI Semiconductor. While ARM dominates the microcontroller and mobile markets, the company is currently not part of the consortium.

ARM has been victim to many memory-bound vulnerabilities, including one earlier this month that allows hackers to access GPU memory. ARM-based processors also had vulnerabilities related to Meltdown and variants of Spectre, which allowed hackers to take over memory.

**Research on Memory Protection**

The CHERI program originally started off in 2010 as a research program between the University of Cambridge and SRI International; and was funded by DARPA's CRASH.

As part of the program, researchers developed CHERI-based hardware with memory protection features. ARM's prototype Morello board with CHERI extensions was reviewed by the Microsoft Security Response Center, which provided recommendations to improve the design. CHERI was described in a research paper published earlier this year as a "hardware-software capability-based system that extends the ISA, toolchain, programming languages, operating systems, and applications in order to provide complete pointer and memory safety."

CHERI researchers also provide toolkits so C and C++ programmers can add memory protection to code. C++ doesn't have automatic memory protection mechanisms, unlike newer development tools, such as Rust, which leaves space for coders to inject malicious code. Coders need to add specific code to protect memory.

**About the Author(s)**

Agam Shah has covered enterprise IT for more than a decade. Outside of machine learning, hardware, and chips, he's also interested in martial arts and Russia.

CHERI Alliance Aims to Secure Hardware Memory

The US passenger rail giant said attackers used previously compromised credentials to crack accounts and access a freight train of personal data.

Source: Peter Titmuss via Alamy Stock Photo

Amtrak has disclosed a data breach affecting train travelers' Guest Rewards accounts.

In a breach-disclosure notice filed with the state of Massachusetts, the national passenger rail service noted that an unknown third party gained unauthorized access to users' account information during the time period of May 15-18.

The transport giant determined that compromised usernames and passwords from prior breaches were likely used to access certain accounts, and stressed in the breach notice that there was no hack of Amtrak systems.

Even so, the information that the threat actor accessed includes a social engineering bonanza of data, including "name, contact information, Amtrak Guest Rewards account number, date of birth, payment details (such as partial credit card number and expiration date), gift card information (such as card number and PIN) and/or information about your transactions and trips."

In some cases, the hackers took over accounts and changed emails and passwords to lock legitimate users out. Amtrak was able to nip that in the bud, though: "We have changed the email address for your Amtrak Guest Rewards account back to your email address and initiated a reset of your account password."

Amtrak didn't elaborate on how many rail aficionados are affected, but urged riders to rotate their passwords and implement multifactor authentication to prevent account access and takeovers.

"Threat actors have realized the high rewards of stealing from travel loyalty programs, which can easily be sold on the Dark Web or converted to tickets that they later sell," said Stuart Wells, Jumio CTO, in an emailed statement shared with media. "It's a reality that's particularly tough on travelers who have worked for months, or even years, to accumulate loyalty points and status through regular trips. Customers who are less frequent travelers may not notice their points disappearing for a long time."

**Multiple Cyber Incidents for Amtrak Customers**

This isn't the first time the data breach engine has left the Amtrak station. In 2020, it disclosed a Guest Rewards breach in which "some personal information may have been viewed," according to the notification, where the threat actor was noticed and booted out of the system "within a few hours."

Jumio's Wells noted that, given the weaknesses known to be present in most mainstream MFA techniques, businesses could go further to protect consumer accounts.

"As cyber threats evolve, businesses must adopt advanced verification technologies to enhance the protection of sensitive user data. Implementing a robust identity verification system is crucial to effectively combat fraud in all forms," he said.

For instance, "utilizing biometric verification methods ensures that illegitimate users and hackers are hindered before causing further harm, as they would need more than just credentials to gain access. This approach protects consumers from having their personal details disclosed from compromised accounts and provides a very effective solution to combat fraud."

**About the Author(s)**

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Hackers Derail Amtrak Guest Rewards Accounts in Breach

A trio of bugs could allow hackers to escalate privileges and remotely execute code on virtual machines deployed across cloud environments.

Source: Schoening via Alamy Stock Photo

Broadcom has released fixes for three vulnerabilities affecting VMware vCenter, two of which are of critical severity and allow remote code execution (RCE). The disclosures come as virtual machines (VMs) continue to attract the notice of hackers, thanks to the rich repositories of sensitive data and applications they tend to house. Patching immediately is a good idea.

vCenter is the centralized management console for VMware virtual environments, and is used to view and manage VMs, multiple ESXi hosts, and all dependent components from a single centralized location. CVE-2024-37079 and CVE-2024-37080 are heap overflow vulnerabilities in vCenter's implementation of DCERPC — short for Distributed Computing Environment/Remote Procedure Call — used for calling a function on a remote machine as if it were a local one.

DCERPC is useful for engaging with remote machines, especially if you're a remote hacker. Using a specially crafted network packet, an attacker with network access can take advantage of these vulnerabilities to remotely execute their own code on VMs managed by vCenter. The potential for harm has earned both vulnerabilities critical 9.8 out of 10 scores on the CVSS scale.

Broadcom also patched a number of local privilege escalation vulnerabilities resulting from a misconfiguration of sudo within vCenter. Short for "superuser do" or "substitute user do," sudo allows users in Unix systems to run commands with the privileges of another user — at the root level by default. An authenticated local user can take advantage of the bug labeled CVE-2024-37081 to obtain administrative privileges on a vCenter Server appliance. It has been assigned a high CVSS score of 7.8.

As yet, there is no evidence that any of these three vulnerabilities have been exploited in the wild — though that could quickly change. Remediations can be found here, and an accompanying Q&A page here.

**The Risk in Cloud VMs**

According to its own documentation, VMware sports more than 400,000 customers, including 100% of all Fortune 500 and Fortune Global 100 companies. Its technology supports more than 80% of virtualized workloads and a good chunk of business critical applications.

"The increasing popularity of cloud computing has led to a corresponding surge in VM usage, consolidating multiple applications onto a single physical server," explains Patrick Tiquet, vice president of security and architecture at Keeper Security. "This consolidation not only enhances operational efficiency but also presents attackers with the opportunity to compromise a variety of services through a single breach."

vCenter Server epitomizes this risk. As the centralized management software supporting the VMWare vSphere and Cloud Foundation platforms, it provides a launch point for both IT administrators and hackers to reach many VMs running across organizations.

"Successful breaches not only disrupt services and dole out financial losses, but can also lead to the exposure of sensitive data and violations of regulatory requirements, severely damaging an organization’s reputation," Tiquet warns, so patching new vulnerabilities as they crop up is both necessary and insufficient for organizations to be at ease.

Besides network segmentation, vulnerability audits, and other security hardening tactics like incident response planning and maintaining robust backups, he says, it's the job of network administrators to lead from the front: "Administrators should always ensure they’re using a secure vault and secrets management solution, they must apply necessary updates as soon as possible, and they should also check their cloud console’s security controls to ensure they’re following the latest recommendations."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Critical VMware Bugs Open Swaths of VMs to RCE, Data Theft

Threat actors were able to breach Blackbaud's systems and compromise sensitive data, largely because of the company's poor cybersecurity practices and lack of encrypted data, the AG said.

Source: SOPA Images Limited via Alamy Stock Photo

Blackbaud, a South Carolina-based software company, has been ordered by the California Attorney General's Office to pay $6.75 million to settle a ransomware attack that took place in May 2020.

The attack occurred due to poor security practices, the AG's office said.

After Blackbaud revealed that the threat actors compromised unencrypted Social Security numbers, bank account details, and login credentials, the company "then made misleading statements about the sufficiency of its data security efforts prior to the breach and about the extent of the breach to its nonprofit customers and the public," stated the Attorney General's press release. "These actions violated the Reasonable Data Security Law, Unfair Competition Law, and the False Advertising Law related to data security."

Private information from 13,000 nonprofits, universities, hospitals, and other organizations were compromised through Blackbaud, according to a government-led investigation, leading the company to pay a ransom of 24 bitcoins or $250,000.

The fine is part of a broader set of penalties. Blackbaud initially was fined $3 million in March 2023 before agreeing to a $49.5 million settlement with 49 states and Washington, DC. At the beginning of this year, however, the Federal Trade Commission ordered Blackbaud to also develop an information security program, as well as delete data that is no longer necessary for its services. 

The FTC argued that though the company paid the ransom demanded by the threat actors, it did not take additional steps to ensure that the data was deleted, nor did it step up its security practices, including implementing multifactor authentication, monitoring its network, and encrypting sensitive data, among other things. 

"Not only did Blackbaud fail to protect consumers' personal information, but they misled the public of the full impact of the data breach," stated Attorney General Bonta. "This is simply unacceptable. Today's settlement will ensure that Blackbaud prioritizes safeguarding consumers' personal information and enhances security measures to prevent future incidents."

**About the Author(s)**

Blackbaud Fined $6.75M After 2020 Ransomware Attack

"ClearFake" and "ClickFix" attackers are tricking people into cutting and pasting malicious PowerShell scripts to infect their own machines with RATs and infostealers.

Source: Nico El Nino via Shutterstock

Threat actors are using fake browser updates and software fixes to trick users into cutting/copying and pasting PowerShell scripts loaded with various malware strains — including remote access Trojans (RATs) and infostealers — to infect their computers.

Researchers from Proofpoint observed the socially engineered technique employed by initial access broker tracked as TA571, as well as an unidentified actor in the last three months, starting as early as March 1, they revealed in a blog post published June 17.

There appear to be two methods of social engineering used in the activity — one that offers fake browser updates in yet another ClearFake campaign, and the other that delivers error messages related to Word, Google Chrome, and OneDrive dubbed "ClickFix" by the researchers. Malware delivered in the campaign includes the DarkGate and NetSupport RATs, the malware loader Matanbuchus, and various information stealers, including Lumma and Vidar.

"Whether the initial campaign begins via malspam or delivered via web browser injects, the technique is similar," Proofpoint researchers Tommy Madjar, Dusty Miller, Selena Larson, and the Proofpoint Threat Research Team explained in the post.

The campaigns show users are a pop-up textbox that suggests an error occurred when trying to open the document or webpage, and further instructions to copy and paste a malicious script into either the PowerShell terminal or the Windows Run dialog box to eventually execute the script via PowerShell, they said.

Attackers use "clever" and "authoritative" social engineering in the fake error messages delivered to users in the campaign, and also "provides both the problem and a solution so that a viewer may take prompt action without pausing to consider the risk," the researchers noted.

The activity reflects a trend among cybercriminals to adopt "increasingly creative attack chains" that ensure the success of campaigns that employ nested PowerShell and other technical tactics that are not easily detected by users, they said.

**ClearFake for Malware Delivery**

Proofpoint first observed the cut-and-paste technique with a ClearFake campaign in early April as well as "every other ClearFake campaign since then," the researchers noted. ClearFake is a previously identified fake browser update activity cluster that compromises legitimate websites with malicious HTML and JavaScript.  

In the latest campaigns, when a user visited a compromised website, the injection caused the website to load a malicious script hosted on the blockchain via Binance’s Smart Chain contracts, using a technique known as EtherHiding. The initial script then loaded a second script from a domain to eventually present a fake warning warning instructing them to install a "root certificate" to view the website correctly.

The message included instructions to click a button to copy a PowerShell script and then provided steps on how to manually run this script on the victim's computer. If this is done, the user effectively executes the PowerShell by pasting it into the PowerShell command line interface window. Proofpoint observed at least five types of malware being delivered in this way, including the Lumma stealer, Amadey Loader, and JaskaGo.

**ClickFix Baits With Error Messages**

Proofpoint first began to observe what it calls the ClickFix campaign in mid-April when its researchers found compromised sites containing an inject leading to an iframe on pley\[.\]es displayed as an overlay error message. The messaged claimed that a faulty browser update needed to be fixed and asked the victim to open “Windows PowerShell (Admin)”–which will open an User Account Control (UAC) prompt–and then right-click to paste the code.

If users take the bait, PowerShell runs another remote PowerShell script that downloads and runs an executable, eventually leading to Vidar stealer. While the payload domain used in the PowerShell was taken offline just a few days after the researchers discovered the activity, the custom content of the iframe was replaced with the ClearFake injection that was still active earlier this month. The researchers remain unclear if the same actor is behind ClearFake and ClickFix, however.

**TA571 Attribution**

Proofpoint observed TA571 using cut-and-paste PowerShell against victims as early as March 1 in a campaign that included more than 100,000 messages and targeted thousands of organizations globally. The threat actor employed emails containing an HTML attachment that displayed a page resembling Microsoft Word as well as error message claiming that "the Word Online" extension is not installed.

The message presented users with two options to continue, either "how to fix" or "auto-fix," both of which led them down to malicious paths to install malware, including Matanbuchus or DarkGate, using PowerShell or DLL files.

TA571's use of similar attack chains throughout the spring using "various visual lures and varying between instructing the victim to either open the PowerShell terminal or using the Run dialog box" demonstrates a link between the actor and the ClickFix campaign, the researchers noted.

**Mitigating Malware Compromise**

Proofpoint included a list of indicators of compromise (IoCs) in recent campaigns, acknowledging that it is not an "exhaustive list" but merely a snapshot of websites, email addresses, and other processes related to the malicious activity that its researchers have observed.

Overall the attack chain requires "significant user interaction" to be successful, which means the most practical way for organizations to help avoid compromise on their network is employee awareness and training, the researchers noted.

"Organizations should train users to identify the activity and report suspicious activity to their security teams," the researchers wrote. "This is very specific training but can easily be integrated into an existing user training program." 

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Cut &amp; Paste Tactics Import Malware to Unwitting Victims

Forcing Microsoft to compete fairly is the most important next step in building a better defense against foreign actors.

Steve Weber, Professor of the Graduate School, UC Berkeley School of Information

June 18, 2024

4 Min Read

Source: Michael Urmann via Alamy Stock Photo

COMMENTARY

This month, Microsoft president Brad Smith was confronted by the US House Committee on Homeland Security, in a hearing over the cybersecurity woes that have plagued the government as a direct result of the company's security shortcomings. These issues, however, don't just come down to insecure products. They're symptoms of a larger disease — a lapse in market and competition policy that has allowed Microsoft to dominate virtually all of the public sector technology market. And the US government's failure to properly diagnose the deeper cause puts us all at risk. 

Microsoft, by its own admission, is ground zero for state-sponsored hacking groups, and flaws in the company's software have been responsible for a huge proportion of cyber breaches affecting the US government in recent memory. Our country's cyber watchdogs — the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and Cyber Safety Review Board (CSRB) — have spent considerable resources assessing these incidents and trying to assess and address Microsoft's vulnerabilities.

There's a fundamental problem with this process. The government is confusing symptoms — persistent hacks, breaches, and vulnerabilities — with an underlying disease: the lack of competition around cybersecurity. Microsoft has systematically exploited weaknesses in procurement processes to stifle competition and lock government customers into its insecure technology. That confusion ultimately leaves the government's tools to enhance competition on the sidelines, when those tools are the best remedy for cyber insecurity.

Microsoft holds an 85% market share of government collaboration and communications technology and now is awarded at least a quarter of its contracts without any meaningful competition. It's reached this position through a series of deliberate, anticompetitive moves the government has largely neglected. Stretched government procurement officers and chief information security officers (CISOs) are taking the path of least resistance. That's not their fault; it's a difficult consequence of their job. But Microsoft exploits this by making it expensive and difficult to run its software on a competitor's cloud, including charging a five-times premium just to use Word on Amazon's cloud instead of its own Azure cloud service. Microsoft bundles dozens of ancillary applications with its Office productivity apps in its licenses (including Access, Delve, Viva, and others), which stifles competition by linking basic, widely used services with less popular ones and pricing them as free.

The result? A software monoculture with a simple attack surface for the United States' adversaries with nearly a single point of failure: Microsoft. This is a major threat to national security. The potential harm is real and expensive. The US government spent more than $11.1 billion on cybersecurity in 2023, in large part trying to compensate for and respond to the Microsoft incidents that left it vulnerable to intrusion. 

Some lawmakers are ready to take action. Senator Ron Wyden recently drafted legislation that would require the government to set new standards for collaboration software in response to a CSRB report. It's a good step, but it solves only part of the problem. Even if the government can collaborate with other providers while using Microsoft's software, the company's licenses still make it very expensive, all at a major cost to the taxpayer.

**A Better Solution Is Needed**

The government must use all the tools at its disposal to create a more comprehensive solution that immediately targets the root cause of its cybersecurity woes: Microsoft's anticompetitive licensing restrictions. These tools include using the General Services Administration (GSA) to modify procurement processes as a means of bolstering national security. The GSA is responsible for providing agencies with cost-effective, high-quality products from diverse vendors, and the evidence is clear that Microsoft doesn't meet these standards. The GSA can take action by either negotiating better licensing conditions with the company or by looking at other vendors to help diversify the government's tech infrastructure. That would be a strong and timely step to set the stage for more comprehensive and sweeping competition policy action by the Federal Trade Commission (FTC) or the Department of Justice. It's also a step that wouldn't take years to implement — which is vital given the current and future costs of Microsoft's efforts to lock government customers into long-term contracts. The longer the government waits, the harder the lock-in will be to reverse.

It can't settle for identifying symptoms. Microsoft's licensing is responsible for a debilitating disease that has infected our government's tech infrastructure. Allowing major government contracts to be awarded to any one company — in this case, Microsoft — is only plausible if procurement officials believe they really don't have any other choice. But we already have the remedies necessary to level the playing field and make enterprise software vendors accountable for weak cybersecurity. Forcing Microsoft to compete fairly is the most important next step to build a better defense against foreign actors. We have multiple tools to create a level playing field. We just need to use them. 

**About the Author(s)**

Professor of the Graduate School, UC Berkeley School of Information

Steve Weber works at the intersection of technology markets, intellectual property regimes, and international politics He has published numerous books, including The Success of Open Source and, most recently, Bloc by Bloc: How to Build a Global Enterprise for the New Regional Order, and serves as Professor of the Graduate School, School of Information, UC Berkeley. He has worked with and received research funding from a number of technology firms, including Google and Microsoft.

The Software Licensing Disease Infecting Our Nation's Cybersecurity

Microsoft last year described the threat actor — known as UNC3944, Scattered Spider, Scatter Swine, Octo Tempest, and 0ktapus — as one of the most dangerous current adversaries.

Source: Photo Spirit via Shutterstock

The recent attacks on customer accounts hosted on the Snowflake data warehousing platform could signal a broader shift among threat actors to targeting software-as-a-service (SaaS) application environments.

A recent Mandiant report highlighted another large threat actor that has begun going after enterprise data in SaaS applications in a broadening of its usual focus on Microsoft cloud environments and on-premises infrastructure. The threat actor, which Mandiant is tracking as UNC3944, is an English-language speaking group that other vendors have been tracking variously as Scattered Spider, Scatter Swine, Octo Tempest, and 0ktapus.

**UNC3944: A Dangerous Cyber Adversary**

The group's more recent capers have included a ransomware attack that knocked numerous critical systems offline for days at MGM Resorts last year and another that targeted Caesars Entertainment, which reportedly paid millions of dollars to the group to get back access to its data. The likely US- or UK-based threat actor is known for its SIM-swapping tactics and highly sophisticated credential-phishing skills, which include calling into enterprise help desks and resetting Okta credentials to take over accounts. Microsoft last year categorized UNC3944 as one of the most dangerous financially motivated cyber-threat groups active currently.

According to Mandiant, UNC3944 has broadened its focus to data in enterprise SaaS applications over the past 10 months or so. 

"In addition to traditional on-premises activity, Mandiant observed pivots into client SaaS applications," according to the security vendor's analysis. In many of these attacks the threat actor has used stolen credentials to access SaaS applications protected by single sign-on providers such as Okta. "Mandiant observed unauthorized access to such applications as vCenter, CyberArk, Salesforce, Azure, CrowdStrike, AWS, and Google Cloud Platform."

After gaining access to these environments, the threat actor has typically conducted at least some reconnaissance activity using a variety of methods, including Microsoft's Delve, to search for data in Microsoft 365 environments. The threat actor has then stolen data from these apps and transferred the data to cloud storage resources such as Amazon S3 buckets, using Airbyte, Fivetran, and other cloud synchronization utilities.

"These applications required only credentials and a path to the resources to sync the data to an external source automatically, often without the need for a subscription or expensive costs," Mandiant researchers said.

**Sophisticated Social Engineering Tactics**

Phishing and social engineering remains one of the group's primary methods to acquire credentials for accessing enterprise SaaS accounts. In attacks that Mandiant observed, UNC3944 actors made voice calls in clear English to help desk staff to get their assistance in gaining access to privileged accounts. In many of these calls, the adversary appeared to possess the detailed personal information — such as the last four digits of the victim's Social Security number, dates of birth, and manager information — required to pass the help desk administrator's initial user authentication checks.

"The level of sophistication in these social engineering attacks is evident in both the extensive research performed on potential victims and the high success rate in said attacks," Mandiant researchers said.

Mandiant's report highlighted UNC3944's creation of new virtual machines in victim environments as a particularly effective persistence mechanism. The threat actor's modus operandi is to use single sign-on (SSO) apps to access VMware vSphere and Microsoft Azure cloud environments.

"The importance here is the observation of abusing administrative groups or normal administrator permissions tied through SSO applications to then create this method of persistence," according to the report.

**Leveraging VMs for Persistence**

After creating a new virtual machine, the threat actor has used specific tools to reconfigure the VMs to remove default Microsoft Defender protections and telemetry that would be of use in a forensic investigation. In situations where the compromised environment might not have any endpoint monitoring, the threat actor has downloaded multiple tools to the new VMs, including credential extraction utilities such as Mimikatz and ADRecon, and tunneling tools such as NGROK and RSOCX. Such tools allow UNC3944 to access the virtual machine without requiring any multifactor authentication (MFA) or VPN, according to Mandiant.

Mandiant's recommendations for organizations include using host-based certificates and MFA for VPN access, and creating strict conditional access policies to limit what is visible inside a cloud tenant.

According to the report, Mandiant recommends "heightened monitoring of SaaS applications, to include centralizing logs from important SaaS-based applications, MFA re-registrations, and virtual machine infrastructure, specifically about both uptime and the creation of new devices."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Scattered Spider Pivots to SaaS Application Attacks

With the requirement that all vulnerabilities first get reported to the Chinese government, once-private vulnerability research has become a goldmine for China's offensive cybersecurity programs.

Source: Zoonar GmbH via Alamy Stock Photo

China's cybersecurity experts over the past decade have evolved from hesitant participants in global capture-the-flag competitions, exploit contests, and bug bounty programs to dominant players in these arenas — and the Chinese government is applying those spoils toward stronger cyber-offensive capabilities for the nation.

In 2014, for example, Keen Team was the sole Chinese hacking group to take home a prize — scoring 13% of the purse — from the Pwn2Own exploit contest. But by 2017, seven China-based teams collected 79% of the prize money from the contest, according to data from the report, "From Vegas to Chengdu Hacking Contests, Bug Bounties, and China's Offensive Cyber Ecosystem," published last week. The following year, China banned participation in Western contests, gauging the vulnerability information too important to national security.

Its civilian hackers have directly benefited China's cyber-offensive programs and are one example of the success of China's cybersecurity pipeline, which the government created through its requirement that all vulnerabilities be directly reported to government authorities, says Eugenio Benincasa, senior researcher at the Center for Security Studies (CSS) at ETH Zurich, and the author of the report.

"By strategically positioning itself as the final recipient in the vulnerability disclosure processes of civilian researchers, the Chinese government leverages its civilian vulnerability researchers, among the best globally, on a large scale and at no cost," he says.

The open source intelligence report comes as the United States, Australia, Japan, South Korea, and other nations in the Asia-Pacific region have struggled to improve cyber defenses against Chinese advance persistent threat (APT) groups. Earlier this year, high-profile US government officials warned that China was compromising critical infrastructure to pre-position its military hackers for future conflicts. And, in the recently uncovered "Operation Crimson Palace," three different threat teams in China conducted coordinated attacks against a Southeast Asia government agency.

**A Robust Cyber Pipeline**

Starting with university capture-the-flag competitions and ending with exploits that enable military cyber operations, China's pipeline for training civilian hackers highlights the benefits of the country's focus on practical cybersecurity. China's cyber-offensive capability has also significantly benefited from the enforcement of its vulnerability disclosure rule, the Regulations on the Management of Security Vulnerabilities in Network Products (RMSV). Both programs are part of China's overall Military-Civil Fusion (MCF) initiative.

Flow chart showing the pipeline for cybersecurity expertise and vulnerability information. Source: ETH Zurich's "From Vegas to Chengdu Hacking Contests, Bug Bounties, and China’s Offensive Cyber Ecosystem" paper

Focusing its burgeoning numbers of technical graduates on finding vulnerabilities helps amplify its offensive capabilities, says Chris Wysopal, chief technology officer at software security firm Veracode.

"There is a scale difference there. ... They have a large number of technical graduates, and that is being harnessed to find vulnerabilities in \[Western products, such as\] Google Android," he says. "This shows that the incentives are working in their favor, and there's evidence of that."

Two groups of hackers exist within China's cyber-offensive ecosystems. The first group includes vulnerability researchers and offensive security specialists who have distinguished themselves by competing in bug bounty programs and hacking contests, such as the Pwn2Own contest and the Tianfu Cup, which was established as a China-based alternative to Pwn2Own.

The second group consists of the contracted or professional hackers who weaponize vulnerabilities for use in attacks on specific targets. Exploits developed by the first group have often been used by the second, a fact discussed in the iSoon leak earlier this year.

In the past, vulnerability research teams were typically associated with technical groups at large firms, such as Qihoo 360, which has at least 19 teams; the Ant Group, which hosts nine teams; and Tencent, which has at least seven research groups. Today, the researchers often are part of boutique cybersecurity firms.

China's civilian hackers initially obtained training by participating in Western capture-the-flag contests and exploit-development competitions, such as Pwn2Own, as well as bug bounty programs. China now has domestic versions of most of these initiatives and programs, often with the financial backing of top-tier national technical universities.

**Cybersecurity Superstars**

A handful of researchers have made significant contributions to China's programs, highlighting China's reliance on a small group of researchers, according to the report.

More than 50% of Google Android vulnerabilities, for example, are credited to Qihoo 360's Security Response Center (360 SRC), naming Han Zinuo as one of the contributors. When Zinuo moved to cybersecurity firm Oppo, 360 SRC's submissions dropped and Oppo's increased, the research paper stated. Similarly, another researcher, Yuki Chen, accounted for 68% of Qihoo 360's Vulcan researcher group's submissions to Microsoft, and when he moved to boutique firm Cyber Kunlun in 2020, the former firm saw a significant drop in vulnerabilities to Microsoft's bug bounty program, while the latter saw a surge.

Overall, the number of vulnerabilities reported by Chinese firms to the big three US software companies — Apple, Google, and Microsoft — declined starting in 2020. While this could suggest that Chinese firms were no longer reporting the vulnerabilities they discovered, it also coincided with increasing sanctions from the United States, such as the blacklisting of Qihoo 360 in May 2020 due to its links to the Chinese military, the report stated.

"This decrease \[in vulnerability reports has\] raised concerns about the potential loss of a significant channel for vulnerability reporting within the global ecosystem," the report said.

**Downsides for Defense**

Because Chinese teams have curtailed their participation in Western hacking competitions, they have arguably made the competitions less effective as a defensive strategy. In 2022 and 2023, for example, no teams attempted to hack either Apple's iPhone or Google's Pixel at the Pwn2Own competition — that was the first time in 15 years for Apple's iPhone — indicating that China now considers any exploits its experts find as too valuable to demonstrate publicly.

"The notable absence of Chinese hacking teams that specialized in targeting these devices explains this break far better than assuming that the iPhone and Pixel have become unbreachable," the research paper stated. "Concurrently, these vulnerabilities are highly likely evaluated by China's security agencies for potential use in cyber malicious operations."

Even showing such exploits without any accompanying details runs the risk of directing attackers to rediscover vulnerabilities, says Dustin Childs, head of threat awareness for the Zero Day Initiative at Trend Micro, which runs the Pwn2Own competition.

"They have already been demonstrated onstage, so threat actors know they aren’t wasting their time reversing a patch for some that may end up non-exploitable," he says. "This is why we invite vendors to participate in the contest."

Private organizations that deal in exploits act as a bellwether for the vulnerability market. Exploit seller Zerodium currently offers a $2.5 million payday for any hacker that finds a zero-click exploit chain for Google Android and $2 million for a similar attack on iOS.

**China's Own Hacking Competitions**

Meanwhile, China is further divorcing itself from the global information infrastructure, moving its infrastructure to domestically developed technology. Unsurprisingly, its cybersecurity pipeline is following suit, with some major exploit competitions focusing increasingly on Chinese products.

In the long term, China will have to follow two paths, Benincasa says.

"We are observing an interesting shift in China's hacking competitions toward focusing more on their own products, while at the same time maintaining a strong interest in Western ones," he says, adding, "China's strategic intent \[is\] to maintain a presence in international products for offensive purposes, given the expertise of its hackers in targeting Western products, while simultaneously focusing on domestic products for defensive purposes as it gradually reduces reliance on US vendors."

**About the Author(s)**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Bug Bounty Programs, Hacking Contests Power China's Cyber Offense

Accused of hacking into more than 45 companies in the US, a 22-year-old British man was arrested by Spanish police and found to be in control of more than $27 million in Bitcoin.

Source: Sergi Chaiko via Alamy Stock Photo

The ringleader of brazen cybercrime ring Scattered Spider led successful cyberattacks that brought US powerhouse companies like MGM Resorts and Caesars Entertainment to a standstill. More recently, he spent the last few weeks living in Spain. However, the party, it seems, has abruptly ended.

The 22-year-old British national is now in the custody of Spanish police after being arrested at the Palma Airport in Palma de Mallorca as he was trying to board a flight to Italy, according to reports from Murica News. Police told the outlet they believe the suspect arrived in Barcelona at the end of May.

At the time of the arrest, the accused cybercriminal was in possession of a laptop, a mobile phone, and maintained control of a $27 million Bitcoin fortune, the Spanish police added.

He is accused of more than 45 cyberattacks against US companies and a warrant for his arrest was issued by the FBI in Los Angeles, the reports added.

**Successful Global Cybercrime Arrests Continue**

International law enforcement has been cracking down on cybercriminals over the past few weeks.

On June 3 Europol announced Operation Endgame, a coordinated law enforcement effort across the globe to track down individual cybercriminals, and added five Russian nationals to the list of Europe's most wanted fugitives. On June 12, Operation Endgame announced the arrest of LockBit and Conti Ransomware developer in Ukraine.

While the arrests send an important message that hunting down cybercriminals is a priority for law enforcement, cybercrime groups continue to operate and adapt.

Just days ago, for instance, researchers at Mandiant said they observed Scattered Spider expanding into cyberattacks against software-as-a-service (SaaS) applications to deliver ransomware.

Scattered Spider Boss Cuffed in Spain Boarding a Flight to Italy

A model can be perfectly innocent, yet still dangerous if the means by which it's packed and unpacked are tainted.

Source: Barry Mason via Alamy Stock Photo

Researchers have concocted a new way of manipulating machine learning (ML) models by injecting malicious code into the process of serialization.

The method focuses on the "pickling" process used to store Python objects in bytecode. ML models are often packaged and distributed in Pickle format, despite its longstanding, known risks.

As described in a new blog post from Trail of Bits, Pickle files allow some cover for attackers to inject malicious bytecode into ML programs. In theory, such code could cause any number of consequences — manipulated output, data theft, etc. — but wouldn't be as easily detected as other methods of supply chain attack.

"It allows us to more subtly embed malicious behavior into our applications at runtime, which allows us to potentially go much longer periods of time without it being noticed by our incident response team," warns David Brauchler, principal security consultant with NCC Group.

**Sleepy Pickle Poisons the ML Jar**

A so-called "Sleepy Pickle" attack is performed rather simply with a tool like Flicking. Flicking is an open source program for detecting, analyzing, reverse engineering, or creating malicious Pickle files. An attacker merely has to convince a target to download a poisoned .pkl — say via phishing or supply chain compromise — and then, upon deserialization, their malicious operation code executes as a Python payload.

Poisoning a model in this way carries a number of advantages to stealth. For one thing, it doesn't require local or remote access to a target's system, and no trace of malware is left to the disk. Because the poisoning occurs dynamically during deserialization, it resists static analysis. (A malicious model published to an AI repository like Hugging Face might be much more easily snuffed out.)

Serialized model files are hefty, so the malicious code necessary to cause damage might only represent a small fraction of the total file size. And these attacks can be customized in any number of ways that regular malware attacks are to prevent detection and analysis.

While Sleepy Pickle can presumably be used to do any number of things to a target's machine, the researchers noted, "controls like sandboxing, isolation, privilege limitation, firewalls, and egress traffic control can prevent the payload from severely damaging the user’s system or stealing/tampering with the user’s data."

More interestingly, attacks can be oriented to manipulate the model itself. For example, an attacker could insert a backdoor into the model, or manipulate its weights and, thereby, its outputs. Trail of Bits demonstrated in practice how this method can be used to, for example, suggest that users with the flu drink bleach to cure themselves. Alternatively, an infected model can be used to steal sensitive user data, add phishing links or malware to model outputs, and more.

**How to Safely Use ML Models**

To avoid this kind of risk, organizations can focus on only using ML models in the safer file format, Safetensors. Unlike Pickle, Safetensors deals only with tensor data, not Python objects, removing the risk of arbitrary code execution deserialization.

"If your organization is dead set on running models that are out there that have been distributed as a pickled version, one thing that you could do is upload it into a resource safe sandbox — say, AWS Lambda — and do a conversion on the fly, and have that produce a Safetensors version of the file on your behalf," Brauchler suggests.

But, he adds, "I think that's more of a Band-Aid on top of a larger problem. Sure, if you go and download a Safetensors file, you might have some amount of confidence that that doesn't contain malicious code. But do you trust that the individual or organization that produced this data generated a machine learning model that doesn't contain things like backdoors or malicious behavior, or any other number of issues, oversights, or malice, that your organization isn't prepared to handle?"

"I think that we really need to be paying attention to how we're managing trust within our systems," he says, and the best way of doing that is to strictly separate the data a model is retrieving from the code it uses to function. "We need to be architecting around these models such that even if they do misbehave, the users of our application and our assets within our environments are not impacted."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Source

DARKReading