A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.

Source: Kjetil Kolbjørnsrud via Alamy Stock Photo

Global information security spend is projected to reach $215 billion by the end of 2024. But a new survey of chief information security officers (CISOs) shows that all that cash might not have bought the peace of mind they hoped for. In fact, 44% of CISOs across the globe reported missing a data breach in the past 12 months with existing tools.

The top blind spot identified in the survey of 234 global CISOs was hybrid cloud infrastructure and data-in-transit, which eight out of 10 of those surveyed by Gigamon said is a "top concern." Gigamon's report added that data-in-motion is where 93% of malware has historically hidden. Overwhelmingly, 84% of surveyed CISOs said getting visibility into this encrypted traffic was a top priority for the upcoming year.

"Modern cybersecurity is about differentiating between acceptable and unacceptable risk," Chaim Mazal, CSO at Gigamon, said in the survey report. "Our research shows where CISOs are drawing that line, highlighting the critical importance of visibility into all data-in-motion to secure complex hybrid cloud infrastructure against today’s emerging threats. It’s clear current approaches aren’t keeping pace, which is why CISOs must reevaluate tool stacks and reprioritize investments and resources to more confidently secure their infrastructure."

Related:Fighting Crime With Technology: Safety First

**The Cloud and Cyber Threat Observability**

Deep observability into hybrid cloud environments is top of mind for 82% of surveyed CISOs. And 85% of those surveyed would like to gain visibility into packet-level and application metadata. Boards too agree that this deep observability is critical, with 81% of CISOs reporting hybrid cloud infrastructure will be a budgeting priority in 2025.

"Today’s CISOs recognize that security and observability are intrinsically connected," Stephen Elliott, group vice president, IT operations, observability, and CloudOps at IDC, said in the report. "The network provides a crucial layer of context that can inform security operations and vice versa, which is why modern security teams are leveraging network-derived intelligence and insights to understand the true impact of a threat and prioritize their responses accordingly."

But before CISOs start spending on new tools, they plan to get the most out of what they already have, according to the survey. Three-quarters of those CISOs surveyed reported being "overwhelmed" by the growing number of tools and their alerts. So to get a better handle on hybrid cloud data and infrastructure, for instance, 60% of CISOs said their top priority for 2025 will be to consolidate and optimize existing tools for that arena.

Related:Cloud, AI Talent Gaps Plague Cybersecurity Teams

CISOs: Throwing Cash at Tools Isn't Helping Detect Breaches

This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.

Source: Gorodenkoff via Shutterstock

Less than two years after the general release of ChatGPT, most software developers have adopted AI assistants for programming. That's boosting efficiency, but at the same time, it's led to a higher cadence of software development that has made maintaining security more difficult.

Developers are on track to download more than 6.6 trillion software components in 2024, which includes a 70% increase in downloads of JavaScript components and a 87% increase in Python modules, according to the annual "State of the Software Supply Chain" report from Sonatype. At the same time, the mean time to remediate vulnerabilities in those open source projects has grown significantly over the past seven years, from about 25 days in 2017 to more than 300 days in 2024.

One likely reason: The advent of AI is driving speedier development cycles, making security more difficult, says Brian Fox, chief technology officer of Sonatype. The majority of developers now use AI tools in their development process according to a recent Stackoverflow survey, with 62% of coders saying they used an AI assistant, up from 44% last year.

"AI has quickly become a powerful tool for speeding up the coding process, but the pace of security has not progressed as quickly, and it’s creating a gap that is leading to lower-quality, less-secure code," he says. "We’re headed in the right direction, but the true benefit of AI will come when developers don’t have to sacrifice quality or security for speed."

Related:News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

Security researchers have warned that AI code generation could result in more vulnerabilities and novel attacks. For instance, a group of researchers demonstrated the ability to poison the large language models (LLMs) used for code generation with maliciously exploitable code at the USENIX Security Symposium in August. In March, researchers with an LLM security vendor showed that attackers could use AI hallucinations as a way to direct developers and their applications to malicious packages.

Developers also have growing concerns over the potential for AI assistants to suggest or propagate vulnerable code. While the majority of developers (56%) expect AI assistants to provide usable code, only 23% expect the code to be secure, while a larger group (40%) don't believe AI assistants provide secure code at all, according to research by software development firm JetBrains and the University of California at Irvine, published in June.

Open source projects take longer to remediate vulnerabilities. Source: Sonatype

Many developers remain nonplussed by the speed of change wrought by AI coding tools, and there is likely more to come, says Jimmy Rabon, senior product manager with Black Duck Software, a software-integrity tools provider.

Related:Chinese Researchers Tap Quantum to Break Encryption

"We haven't seen the long-term effects of adding something that can code at the level of a junior- or intermediate-level developer and at massive scale," he says. "My expectation is that we will see more intermediate mistakes — the basic mistakes that you would make as a junior or intermediate level developer — and \[issues with\] understanding the context of where some of the data flows."

**2024: The Year of the Developer's AI Assistant**

While AI assistants are now being used by the majority of developers, in business environments, adoption of AI tools is much higher — more than 90% of developers used AI assistants, according to Black Duck's 2024 Global State of DevSecOps survey. AI as a tool for developers is well-entrenched and "will never go away," Rabon says.

Yet many developers don't have the experience to judge whether code provided by an AI assistant is safe. Entry-level developers, for example, are more trusting of AI-produced code than their professional counterparts, with 49% trusting the accuracy of AI-generated code versus 42% for more experienced developers, according to Stackoverflow's annual developer survey.

Related:WP Engine Accuses WordPress of 'Forcibly' Taking Over Its Plug-in

In addition, AI tools will affect the education of developers and could make it harder for those entry-level developers to gain the skill needed to advance in their careers, experts say. The reliance on AI to complete simple programming projects could reduce the need for new or entry-level developers who typically tackle simpler coding tasks, removing a training path, Sonatype's Fox says.

"The development community is aging, and the introduction of AI poses potential risks to younger generations," he says. "If AI can handle the tasks previously assigned to budding developers, how will they gain the experience needed to replace older developers exiting the industry?"

**Automatic Generation of Secure Code**

Until the companies behind AI assistants create training datasets that contain secure code suggestions, or put in place guardrails to protect against vulnerable and malicious code generation, companies will have to deploy automated software security tools to check the work of any coding assistant.

The good news is, between the additional security checks and the fast evolution of code-generation assistants, the security of software and applications could eventually become much stronger, says Black Duck's Rabon.

"There are certain basic security flaws that I think will disappear," he says. "If you asked an AI system to generate code, why should it ever \[suggest an insecure function?\] ... I don't think that we've had enough time to really see the dramatic effects of \[such capabilities\] or prove them out."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Vulnerabilities, AI Compete for Software Developers' Attention

Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.

Malleswar Reddy Yerabolu, Senior Security Engineer, North Carolina Department of Health and Human Services

October 18, 2024

5 Min Read

Source: Olekcii Mach via Alamy Stock Photo

COMMENTARY  
In today's interconnected digital landscape, supply chain attacks are no longer an anomaly — they're a persistent, growing threat. From SolarWinds to Kaseya, high-profile breaches have demonstrated that attackers are increasingly exploiting vulnerabilities in the supply chain to infiltrate targets at scale. For cybersecurity professionals, the days of relying on traditional vendor risk management are over. A broader, more proactive approach to securing the supply chain is required — one that goes beyond checklists and questionnaires. 

**The Shortcomings of Traditional Vendor Risk Management**

Historically, organizations have relied on static risk assessments and due diligence processes to evaluate their suppliers. This involves vetting vendors using questionnaires, compliance audits, and sometimes even on-site assessments. While these methods help ensure compliance with industry regulations and basic cybersecurity hygiene, they are no longer enough to combat today's sophisticated supply chain attacks. 

The major flaw of traditional vendor risk management is that it assumes security is a one-time evaluation rather than an ongoing process. A vendor might pass an initial audit, but what happens when it updates its software or onboards a third-party subcontractor? Additionally, static assessments rarely account for zero-day vulnerabilities or the rapid evolution of threat landscapes. In short, by the time an assessment is complete, the information is often outdated. 

**Proactive Supply Chain Monitoring: A New Paradigm**

A more effective approach to supply chain security involves continuous, real-time monitoring of vendors. Rather than waiting for the next audit or questionnaire cycle, organizations should be leveraging tools that provide up-to-date visibility into their vendors' cybersecurity postures. 

There are several ways this can be accomplished: 

*   Third-party risk management platforms: Platforms like BitSight and Security Scorecard allow organizations to monitor the external security posture of their vendors continuously. These platforms aggregate data from public sources, including open vulnerabilities, SSL configurations, and even mentions of potential breaches, to give security teams real-time insights into potential risks. 
    
*   Threat intelligence integration: By integrating threat intelligence feeds into the vendor risk management process, organizations can identify whether any vendors are being actively targeted by attackers, or if their infrastructure is compromised. This dynamic approach goes beyond static questionnaires, allowing organizations to act quickly in response to emerging threats. 
    
*   Continuous penetration testing: Routine penetration testing is no longer a luxury; it's a necessity. Regular testing of vendors' systems ensures that vulnerabilities are identified and mitigated before attackers can exploit them. With the increasing automation of penetration testing tools, this process can be made continuous rather than sporadic.
    

**Blockchain for Enhanced Supply Chain Transparency**

Another innovative solution to supply chain security challenges is the use of blockchain for transparency and traceability. Blockchain technology allows for the creation of immutable audit trails, making it possible to trace the origin of every component in the supply chain. This can be especially valuable in industries like pharmaceuticals or critical infrastructure, where counterfeit products or compromised components can have catastrophic consequences. 

By using blockchain, organizations can verify that every link in the supply chain adheres to security standards and hasn't been tampered with. In addition, smart contracts on blockchain can enforce compliance, triggering alerts or even actions (such as revoking access) when deviations from agreed-upon standards occur. 

**Managing Access: A Dynamic Approach to Vendor Permissions**

One critical element of supply chain cybersecurity that is often overlooked is how vendors access internal systems. Traditional models grant vendors broad access to systems and data, often far beyond what is necessary. This presents a significant risk, as compromising a single vendor's account could grant an attacker the keys to an organization's entire network. 

A more dynamic approach involves implementing zero-trust principles, where vendors are granted the minimum necessary permissions, and access is constantly reevaluated. This can be done through: 

*   Granular access control: Leveraging role-based access controls (RBAC) or even attribute-based access controls (ABAC) ensures that vendors have access only to the resources they need at any given time. 
    
*   Behavioral monitoring: Continuous monitoring of vendor behavior within your systems can help detect abnormal activity that might indicate a compromise. AI-driven anomaly detection tools can provide early warning signs that a vendor's account has been hijacked. 
    
*   Just-in-time access: Some organizations are adopting just-in-time (JIT) access, where vendors are granted temporary access to systems only when required, and access automatically expires after a predefined period. This minimizes the risk of persistent backdoors being left open. 
    

**Collaboration Across the Supply Chain**

Lastly, improving supply chain security requires collaboration between all stakeholders. Organizations must foster a culture of shared responsibility, where security is not viewed as the sole responsibility of individual vendors but as a collective effort. This can be achieved through: 

*   Security scorecards for vendors: Regularly sharing security posture reports with vendors encourages transparency and accountability. These reports can highlight areas where vendors need to improve and set clear expectations for remediation. 
    
*   Vendor security workshops: Hosting workshops or training sessions for vendors can help elevate their understanding of modern security practices and ensure that their teams are equipped to mitigate risks. 
    

**A Call to Action**

The time has come for cybersecurity professionals to rethink their approach to supply chain security. Traditional vendor risk management practices are no longer sufficient in today's threat landscape. By adopting continuous monitoring, leveraging blockchain for transparency, and implementing dynamic access control, organizations can build more resilient supply chains that are harder for attackers to compromise. 

Ultimately, securing the supply chain is not just about protecting your vendors — it's about safeguarding your entire business ecosystem. 

**About the Author**

Senior Security Engineer, North Carolina Department of Health and Human Services

Malleswar Reddy Yerabolu is a senior security engineer with more than seven years of experience in vulnerability management, threat analysis, and security architecture across financial, hospitality, government, and communication sectors. He specializes in leveraging AI, machine learning (ML), and natural language processing (NLP) to enhance threat detection and automate security processes. His research focuses on integrating AI and NLP to optimize cybersecurity solutions. Malleswar’s innovative approach helps organizations reduce risks and strengthen their defenses against evolving cyber threats. He holds a master’s degree in computer engineering from California State University.

Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management

PRESS RELEASE

October 17, 2024: OpenAI is projected to generate over $10 billion in revenue next year, a clear sign that the adoption of generative AI is accelerating. Yet, most companies struggle to deploy large AI models in production. With the steep costs and complexities involved, nearly 90% of machine learning projects are estimated never to make it to production. Addressing this pressing issue, Simplismart is today announcing a $7m funding round for its infrastructure that enables organizations to deploy AI models seamlessly. Like the shift to cloud computing, which relied on tools like Terraform and mobile app development fueled by Android, Simplismart is positioning itself as the critical enabler for AI’s transition into mainstream enterprise operations.   
The series A funding round was led by Accel with participation from Shastra VC, Titan Capital, and high-profile angels, including Akshay Kothari, Co-Founder of Notion. This tranche, more than ten times the size of their previous round, will fuel R&D and growth for their enterprise-focused MLOps orchestration platform.  
The company was co-founded in 2022 by Amritanshu Jain, who tackled cloud infrastructure challenges at Oracle Cloud, and Devansh Ghatak, who honed his expertise on search algorithms at Google Search. In just two years, with under $1m in initial funding, Simplismart has outperformed public benchmarks by building the world’s fastest inference engine. This engine allows organizations to run machine learning models at lightning speed, significantly boosting performance while driving down costs.  
Simplismart’s fast inference engine allows users to leverage optimized performance for all their model deployments. For example, Its software-level optimization helps run Llama3.1 (8B) at an impressive throughput of >440 tokens per second. While most competitors focus on hardware optimisations or cloud computing, Simplismart has engineered this breakthrough in speed within a comprehensive MLOps platform tailored for on-prem enterprise deployments - agnostic towards choice of model and cloud platform.  
“Building generative AI applications is a core need for enterprises today. However, the adoption of generative AI is far behind the rate of new developments. It’s because enterprises struggle with four bottlenecks: lack of standardized workflows, high costs leading to poor ROI, data privacy, and the need to control and customise the system to avoid downtime and limits from other services,” said Amritanshu Jain, Co-Founder and CEO at Simplismart  
Simplismart’s platform offers organizations a declarative language (similar to Terraform) that simplifies fine-tuning, deploying, and monitoring genAI models at scale. Third-party APIs often bring concerns around data security, rate limits, and utter lack of flexibility, while deploying AI in-house comes with its own set of hurdles: access to computing power, model optimisation, scaling infrastructure, CI/CD pipelines, and cost efficiency, all requiring highly skilled machine learning engineers. Simplismart’s end-to-end MLOps platform standardizes these orchestration workflows, allowing the teams to focus on their core product needs rather than spending numerous manhours building this infrastructure.  
Amritanshu Jain added: “Until now, enterprises could leverage off-the-shelf capabilities to orchestrate their MLOps workloads since the quantum of workloads, be it the size of data, model or compute required, was small. As the models get larger and the workload increases, it will be imperative to have command over the orchestration workflows. Every new technology goes through the same cycle: exactly what Terraform did for cloud, android studio for mobile, and Databricks/Snowflake did for data.”  
“As GenAI undergoes its Cambrian explosion moment, developers are starting to realise that customizing & deploying open-source models on their infrastructure carries significant merit; it unlocks control over performance, costs, customizability over proprietary data, flexibility in the backend stack, and high levels of privacy/security”, said Anand Daniel, Partner at Accel. “We were happy to see that Simplismart’s team saw this opportunity quite early, but what blew us away was how their tiny team had already begun serving some of the fastest-growing GenAI companies in production. It furthered our belief that Simplismart has a shot at winning in the massive but fiercely competitive global AI infrastructure market.”  
Solving MLOps workflows will allow more enterprises to deploy genAI applications with more control. They want to manage the tradeoff between performance and cost to suit their needs. Simplismart believes that providing enterprises with granular Lego blocks to assemble their inference engine and deployment environments is key to driving adoption. 

You May Also Like

Ex-Oracle, Google Engineers Raise $7m From Accel for Public Launch of Simplismart to Empower AI Adoption

PRESS RELEASE

WASHINGTON, DC (October 15, 2024) – The Consortium for School Networking (CoSN) today announced that the Illinois Learning Technology Center (LTC), a program of the Illinois State Board of Education, has partnered with CoSN on a program to improve student data privacy practices in their school districts. By joining the CoSN Trusted Learning Environment (TLE) State Partnership Program, Illinois is helping to ensure that K-12 education institutions across the states are equipped with the necessary tools, training, and guidance to build and improve their school districts’ student data privacy programs.

LTC joins the North Carolina Department of Instruction and the South Carolina Department of Education in partnering with CoSN on this important work.

By subscribing to the TLE Partnership Program, LTC will be providing free TLE Seal applications to all districts in their state.  In addition, the TLE State Partnership Program makes available exclusive data privacy benchmarking reports that provide aggregate measures of the state’s district privacy programs compared with aggregate measures from TLE Seal recipients across 25 specific privacy practices, as well as CoSN’s student data privacy resources designed to support areas of growth for the districts in protecting the privacy of more than 1.85 million students. The CoSN TLE Seal is a national distinction awarded to school districts demonstrating a tangible commitment to protecting student data privacy through modern, rigorous policies and practices.

“Protecting student privacy is a top priority in Illinois. By joining CoSN’s Trusted Learning Environment State Partnership Program—a program backed by one of the leaders in the K-12 technology space—we can enhance our understanding of district privacy needs and offer stronger support," said Tim McIlvain, Executive Director of the Learning Technology Center. "We’re excited to provide 851 districts with access to CoSN’s expert guidance and resources, which will strengthen privacy protections for all Illinois students.”

CoSN’s TLE State Partnership Program provides state education agencies with: 

*   Exclusive state data privacy benchmarking reports that provide aggregated measures of district student data privacy practices as compared with those of current TLE Seal recipients.
    
*   Resources to support improvements across common areas of challenge for the states’ districts and updated benchmarking reports to measure improvements.
    
*   Unlimited free applications for the TLE Seal for districts in the state.
    

Additional supports can include student data privacy training and seats in CoSN’s Certified Education Technology Leader (CETL®) preparation and exam.

“With the increasing complexity of today’s technological environment, protecting student data privacy is imperative. We are delighted to welcome the Learning Technology Center of Illinois to the CoSN TLE State Partnership Program, and to providing Illinois districts with vital tools, training, and resources to help better protect their student information and foster a culture committed to enhancing privacy practices,” said Keith Krueger, CEO of the Consortium for School Networking.

As the only privacy framework designed specifically for K-12 school districts, earning the CoSN TLE Seal requires that districts have taken measurable steps to implement, maintain, and improve organization-wide student data privacy practices. All TLE Seal recipients are required to demonstrate that improvement through a reapplication process every two years.

About CoSN 

CoSN is the premier professional association designed to meet the needs of K-12 edtech leaders, their teams, and other district leaders. CoSN provides thought leadership resources, community, best practices, and advocacy tools to help edtech leaders succeed in the digital transformation. CoSN represents over 13 million students and continues to grow as a powerful and influential voice in K-12 education. For more information, visit CoSN.org.

About the CoSN Trusted Learning Environment State Partnership Program

The CoSN Trusted Learning Environment (TLE) State Partnership Program is designed to measure and improve district student data privacy practices across all districts in the state. Through survey-based benchmarking, CoSN is able to aggregate district privacy performance across the 25 requirements of the CoSN Trusted Learning Environment Seal Program. CoSN provides comparisons of these results to the aggregated results of TLE Seal recipients. CoSN then provides each  state with resources that are ready-made for its districts, providing guidance to improve the top three areas of weakness. The process is repeated on a cycle to continuously build up privacy practices across all districts. States are also provided with free TLE applications for all districts, providing the opportunity for districts to gain additional, customized feedback on their privacy programs and earn recognition for their efforts. For more information, visit CoSN.org/TLEpartner.

About the Learning Technology Center

The Learning Technology Center (LTC) is a state-wide organization dedicated to supporting schools and districts in Illinois with technology integration, professional development, and digital learning initiatives. Through innovative programs, expert guidance, and collaborative partnerships, the LTC empowers educators and administrators to leverage technology for improved teaching and learning outcomes. With a focus on areas such as artificial intelligence, digital citizenship, cybersecurity, and infrastructure, the LTC is committed to helping schools navigate the evolving landscape of educational technology. Learn more at ltcillinois.org.

Illinois Joins CoSN's Trusted Learning Environment (TLE) State Partnership Program for Student Data Privacy

PRESS RELEASE

Brussels, 16 October 2024 – Swift today announced that it is rolling out new AI-enhanced fraud detection to help the global payments industry step up its defence as bad actors grow increasingly sophisticated. Available from January 2025, the service is the result of extensive collaboration with banks from around the world and a successful pilot earlier this year.   

The new capability builds on Swift’s existing Payment Controls Service — used by many small and medium-sized financial institutions — by drawing on pseudonymised data from the billions of transactions that flow over the Swift network each year to identify and flag suspicious transactions so that action can be taken in real-time. 

The rollout is part of Swift’s broader collaboration with its global community of more than 11,500 banks and financial institutions to test how AI can solve cross-industry challenges. With global industry estimates putting the total cost of fraud in financial services at USD 485 billion in 2023 alone , Swift is focused on using AI to give financial institutions stronger and more accurate insights into instances of potentially fraudulent activity.

Jerome Piens, Chief Product Officer at Swift, said: “Bad actors are using increasingly sophisticated tactics to commit financial crime, and the global financial industry needs to raise its defences higher to ensure their customers can continue to transact globally with confidence. Swift has a long track record of supporting our community by staying one step ahead to maintain the security and resilience that our network is known for - and now we’re doing so again by harnessing the latest technology.”

Since February, Swift has been working with leading global financial institutions to explore how federated learning, combined with privacy-enhancing technologies, could enable market participants to share information without revealing their proprietary data. The group has so far developed a number of fraud detection use cases which are set to be tested in a sandbox environment. 

The rollout of this enhanced service is a key milestone in Swift’s strategic vision to make end to end international transactions instant and frictionless, while maintaining trust, security and compliance.

"Collaboration across the banking sector is crucial to enhancing fraud detection, and by sharing data and leveraging AI, we empower ourselves to stay ahead. At BNP Paribas, we are fully committed to supporting Swift’s innovative initiative in that regard, as it marks a key step forward in protecting the integrity of our financial ecosystem." 

Olivier Nautet, Head of Cybersecurity, BNP Paribas; Nicolas Trimbour, Head of Fraud Prevention, Cash Management, BNP Paribas, and Su Yang, Head of Artificial Intelligence, Transaction Banking, BNP Paribas

“Standard Bank Group, Africa’s biggest bank by assets, has participated in Swift’s initiative for AI fraud detection capability to enhance the security of its customers’ transactions. The technology will identify suspicious patterns in real-time, reducing fraud-risk and ensuring a safer banking experience for clients. By leveraging the power of AI, Standard Bank Group reaffirms its commitment to innovation and safeguarding the financial assets of its clients - who are our main asset.”  

John McHugh, Head Operations Control – CIB at Standard Bank

Swift to Launch AI-Powered Fraud Defence to Enhance Cross-Border Payments

The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.

Source: Mike via Adobe Stock

Hong Kong police arrested 27 people Monday for their involvement in a deepfake scam operation, stealing $46 million from the scam's victims.

The scammers used AI face-swapping technology to create female personas for online dating, using tools to alter their appearance and voices. 

They then contacted their victims via social media platforms using these AI-generated photos of people with made-up personalities, occupations, and backgrounds.

However, the victims began requesting video calls to become more familiar with the person they were communicating with, prompting the scammers to turn to real-time deepfakes, which transformed the scammers into attractive women, adding legitimacy to the fraud and gaining the trust of those that were being duped.

"The syndicate presented fabricated profit transaction records to victims, claiming substantial returns on their investments," said Fang Chi-kin, head of the New Territories South regional crime unit.

The victims realized that they had been scammed after attempting to withdraw money from their accounts without success.

The police seized computers, phones, and just over $25,000 in funds and luxury watches from the crime ring's headquarters, a 4,000-square-foot building in Hong Kong.

They also arrested six individuals who were recruited to set up cryptocurrency trading platforms, five of whom were reportedly potentially associated with Sun Yee On, a crime gang that operates in Hong Kong and China.

These developments come in the wake of a recent United Nations Office on Drugs and Crime report warning of the technological advancements crime syndicates are making to carry out cyber fraud in Asia, such as the use of deepfake technology. Some 10 different deepfake software providers were identified, selling their services via Telegram to criminal groups in Southeast Asia.

Hong Kong Crime Ring Swindles Victims Out of $46M

Days after facing a major breach, the site is still struggling to get fully back on its feet.

Source: Postmodern Studio via Alamy Stock Photo

The Internet Archive, a nonprofit digital library website, is beginning to come back online after a data breach and distributed denial-of-service (DDoS) attacks, prompting a week of its systems going offline.

Founded in 1996 by Brewster Kahle, the archive offers users free access to a historical Web collection, known as the Wayback Machine. This including access to more than 150 billion webpages, nearly 250,000 movies, 500,000 audio items, and more.

This free access to these seemingly unlimited resources all came to a halt on Oct. 9, when hackers stole and leaked the account information of a reported 31 million users. 

The users were met with a pop-up that read, "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"

HIBP is the "Have I Been Pwned" site that allows users to look up whether their personal information has been compromised in a data breach.

The Internet Archive site went offline in an effort to try to prevent such attacks from continuing to happen. Founder Brewster Kahle reported on social platform X that this process would take days, if not weeks.

"The @internetarchive's Wayback Machine resumed in a provisional, read-only manner. .... Please be gentle."

And in an update yesterday, he reported that Wayback Machine is running strong, though the team is still working to bring Internet Archive items and other services online safely.

**DDoS Mania**

Netscout, which has conducted analyses on the breach, reported that its researchers observed 24 DDoS attacks against the Autonomous System Number (ASN) 7941, the ASN used by the Internet Archive project. The first attack lasted more than three hours, and during the attack, three IP addresses used by Internet Archive received DDoS attack traffic.

"These kinds of attacks energize adversaries, and they often attempt to replicate the feat," the Netscout researchers reported. 

Bruno Kurtic, co-founder, president, and CEO of Bedrock Security, notes that perhaps these kind of breaches are inevitable.

"Perimeters will be breached, vulnerabilities will be exploited … attackers will eventually be at the front door of your data stores," he says. "For most enterprises, the first and fundamental gap is not knowing where their data is. Data is fluid, it moves, it sprawls, and it is created at an exponential rate."

To protect that data, Kurtic advises "proactive policy management," as well as detection of movement, encryption, and hashing.

"Monitoring access and continuously scanning to update classifications at hundreds-of-petabytes scale is hard but essential," he adds.

Internet Archive Slowly Revives After DDoS Barrage

As the unique challenges of AI zero-days emerge, the approach to managing the accompanying risks needs to follow traditional security best practices but be adapted for AI.

Dan McInerney, Lead AI Threat Researcher, Protect AI

October 17, 2024

3 Min Read

Source: Blackboard via Alamy Stock Photo

COMMENTARY

With artificial intelligence (AI) and machine learning (ML) adoption evolving at a breakneck pace, security is often a secondary consideration, especially in the context of zero-day vulnerabilities. These vulnerabilities, which are previously unknown security flaws exploited before developers have had a chance to remediate them, pose significant risks in traditional software environments.  

However, as AI/ML technologies become increasingly integrated into business operations, a new question arises: What does a zero-day vulnerability look like in an AI/ML system, and how does it differ from traditional contexts?

**Understanding Zero-Day Vulnerabilities in AI**

The concept of an "AI zero-day" is still nascent, with the cybersecurity industry lacking a consensus on a precise definition. Traditionally, a zero-day vulnerability refers to a flaw that is exploited before it is known to the software maker. In the realm of AI, these vulnerabilities often resemble those in standard Web applications or APIs, since these are the interfaces through which most AI systems interact with users and data. 

However, AI systems add an additional layer of complexity and potential risk. AI-specific vulnerabilities could potentially include problems like prompt injection. For instance, if an AI system summarizes one's email, then an attacker can inject a prompt in an email before sending it, leading to the AI returning potentially harmful responses. Training data leakage is another example of a unique zero-day threat in AI systems. Using crafted inputs to the model, attackers may be able to extract samples from the training data, which could include sensitive information or intellectual property. These types of attacks exploit the unique nature of AI systems that learn from and respond to user-generated inputs in ways traditional software systems do not.

**The Current State of AI Security**

AI development often prioritizes speed and innovation over security, leading to an ecosystem where AI applications and their underlying infrastructures are built without robust security from the ground up. This is compounded by the fact that many AI engineers are not security experts. As a result, AI/ML tooling often lacks the rigorous security measures that are standard in other areas of software development. 

From research conducted by the Huntr AI/ML bug bounty community, it is apparent that vulnerabilities in AI/ML tooling are surprisingly common and can differ from those found in more traditional Web environments built with current security best practices.

**Challenges and Recommendations for Security Teams**

While the unique challenges of AI zero-days are emerging, the fundamental approach to managing these risks should follow traditional security best practices but be adapted to the AI context. Here are several key recommendations for security teams: 

*   Adopt MLSecOps: Integrating security practices throughout the ML life cycle (MLSecOps) can significantly reduce vulnerabilities. This includes practices like having an inventory of all machine learning libraries and models in a machine learning bill of materials (MLBOM), and continuous scanning of models and environments for vulnerabilities. 
    

*   Perform proactive security audits: Regular security audits and employing automated security tools to scan AI tools and infrastructure can help identify and mitigate potential vulnerabilities before they are exploited. 
    

**Looking Ahead**

As AI continues to advance, so too will the complexity associated with security threats and the ingenuity of attackers. Security teams must adapt to these changes by incorporating AI-specific considerations into their cybersecurity strategies. The conversation about AI zero-days is just beginning, and the security community must continue to develop and refine best practices in response to these evolving threats. 

**About the Author**

Lead AI Threat Researcher, Protect AI

Dan McInerney is Lead AI Threat Researcher at Protect AI. He has 15 years of experience in red-team security, written dozens of security tools, and is a top-ranked Python GitHub developer. As a senior penetration tester, Dan has focused on novel attacks in emerging fields such as 3D printing and machine learning, and is credited with seven CVEs in AI tools. He teaches penetration testing and is a highly rated BlackHat instructor.

4 Ways to Address Zero-Days in AI/ML Security

US officials disrupted the group's DDoS operation and arrested two individuals behind it, who turned out to be far less intimidating than they were made out to be in the media.

Source: Firoze Edassery via Alamy Stock Photo

A federal grand jury has indicted two Sudanese nationals for their role in operating and controlling one of the most notorious hacktivist groups of recent years.

US officials allege that Ahmed Salah Yousif Omer — just 22 years old — and his brother Alaa Salah Yusuuf Omer, 27, were behind Anonymous Sudan (aka Storm-1359), a threat actor responsible for more than 35,000 distributed denial of service (DDoS) attacks worldwide since early 2023. In the US alone, it has clogged up websites belonging to major technology companies like Microsoft and Riot Games, the Cedars-Sinai Medical Center in Los Angeles — an event which caused an eight-hour disruption to patient care — and major government agencies like the FBI, State Department, Department of Defense, and Department of Justice (DoJ). It's believed that these attacks have caused at least $10 million in damages.

For their roles in "operating and controlling" Anonymous Sudan, Ahmed and Alaa were each charged with one count of conspiracy to damage protected computers. Ahmed also earned three counts for damaging protected computers.

The elder brother faces a maximum sentence of five years in federal prison, should he be found guilty. The younger: life behind bars.

"It's easy to be anonymous, and to hide yourself for a short period of time when visibility is limited," says Adam Meyers, head of counter adversary operations with CrowdStrike, which contributed to the DoJ investigation. "But the longer that things go on, the more that you do, the harder it is to keep up that facade."

**The Latest in Operation PowerOFF**

For years now, law enforcement authorities from the United States, United Kingdom, Germany, Poland, and the Netherlands have been collaborating as part of "Operation PowerOFF," to shutter DDoS-for-hire operations worldwide. PowerOFF has earned some high-profile successes since, including the arrests of the admins behind Webstresser — then the world's leading DDoS marketplace — back in 2018, a successful shutdown of 50 DDoS-for-hire platforms late in 2022, and another wave of "booter site" takedowns the following year. Then, early this year, authorities turned their sights on Anonymous Sudan.

Hacktivist groups, by their nature, are typically louder and easier to read than groups which put more emphasis on stealth and subtlety. "These guys were operating openly on Telegram. They were recruiting. They were talking about what they were up to. They were involved in things like #OpIsrael, and collaborating with groups like KillNet on some pro-Russia attacks. So they weren't hiding in the shadows," Meyers says.

Beyond that, he adds, "They did have some of what we would call OpSec issues, where they thought that they were being a little bit more discreet than they actually were."

With help from the Big Pipes working group — a PowerOFF collaboration between law enforcement and private sector partners — authorities identified assets belonging to Anonymous Sudan, and insights into the brothers at the top of the pyramid. Then in March, US authorities obtained court-authorized warrants to seize the tooling and infrastructure belonging to Anonymous Sudan. The FBI shut up key components of the group's sophisticated Distributed Cloud Attack Tool (DCAT) (aka Skynet, Godzilla, InfraShutdown), including the computer servers used to launch its attacks, those used to relay attack commands to its broader network of connected computers, and online accounts containing the group's source code.

**Not-So-Anonymous Sudan**

During its approximately year-long reign of terror, Anonymous Sudan had been connected with and attributed to a variety of different groups and interests. Some researchers suggested that it was merely a front for the Russian hacktivist collective KillNet. Others went further, suggesting that the group is backed by the Russian state.

"That was a misconception that many folks believed and parroted, with little supporting evidence," explains Chad Seaman, principal security researcher and team lead at Akamai SIRT, which also participates in PowerOFF through the Big Pipes working group. "Mostly this theory seemed to be rooted in their affiliation with KillNet, which as disclosed in the indictment details, seems to be more \[borne of\] an anti-west ideological alignment, and kind of turned into a marketing decision, in part aimed at driving business to their booter services they were selling at the time, due to KillNet's notoriety at the time."

There were some understandable reasons behind those connections: the scale of the operation, its sophistication, its apparent motives, etc. "Take into account their seemingly oddly aligned support of Russian hacktivist groups, being a new group that seemingly sprung up overnight, their ability to launch debilitating attacks, and an assumption that their operations were being paid for to the tune of hundreds of thousands of dollars a month in compute expenses, it's an easy theory to rationalize," he says.

However, he adds, "Attribution is often hard and messy work, and short of very compelling evidence to support such claims, it should always be eyed with a bit of suspicion until proof is provided. This isn't the first time, and it won't be the last, that we've seen theorized attribution fall victim to reality when more pieces of the puzzle fall into place."  

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Source

DARKReading