In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine.

Source: vchal via Alamy Stock Photo

The United States, alongside several of its allies including the UK, are accusing the Russian military of attacking global critical infrastructure units through malicious cyber operations bent on espionage, sabotage, and reputational damage.

The FBI, NSA, and CISA have published a joint advisory assessing the cyber actors affiliated with the Russian GRU 161st Specialist Training Center, otherwise known as Unit 29155. The group has been active since 2020, but began deploying WhisperGate malware against Ukrainian organizations in January 2022.

In addition to leveraging the malware against Ukrainian victims, the group has also conducted network operations against numerous members of NATO in North America and Europe, as well as targets in Latin America and Central Asia. These operations include website defacements, infrastructure scanning, data exfiltration, and data leaking.

According to the advisory, "Unit 29155 cyber actors are known to target critical infrastructure and key resource sectors, including the government services, financial services, transportation systems, energy, and healthcare sectors."

Though overt attacks on critical infrastructure are concerning, the issue goes further than that.

"While cyberattacks against critical infrastructure are certainly concerning, it is even more concerning to imagine that adversaries could gain access to systems without our knowledge and remain hidden until an issue occurred, and could then be used to take down critical tools, utilities, or communication systems," said Erich Kron, security awareness advocate at KnowBe4. Kron cited "vendors providing services to these critical infrastructure partners" as being at high risk for related attacks as well.

Organizations can mitigate against these kinds of threats by prioritizing routine system updates and remediating known exploited vulnerabilities; segmenting networks to prevent the spread of malware or malicious activity; and enabling phishing-resistant multifactor authentication, especially for webmail, VPNs, and critical system accounts.

Feds Warn on Russian Actors Targeting Critical Infrastructure

The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.

Source: PopTika via Shutterstock

This week the US Cybersecurity and Infrastructure Security Agency (CISA) warned about two new industrial control systems (ICS) vulnerabilities in products widely used in healthcare and critical manufacturing — sectors prone to attract cybercrime.

The vulnerabilities affect Baxter's Connex Health Portal and Mitsubishi Electric’s MELSEC line of programmable controllers. Both vendors have issued updates for the vulnerabilities and recommended mitigations that customers of the respective technologies can take to further mitigate risk.

**Baxter Connex Vulnerabilities**

CISA's advisory contained information on two vulnerabilities in Baxter's Connex Health Portal (formerly Hillrom and Welch Allyn) that it described as remotely exploitable and involving low attack complexity. One of the vulnerabilities, assigned as CVE-2024-6795, is a maximum severity (CVSS score of 10.0) SQL injection issue that an unauthenticated attacker can leverage to run arbitrary SQL queries on affected systems. CISA described the flaw as giving attackers the ability to access, modify, and delete sensitive data and take other admin level actions, including shutting down the database.

The other vulnerability in Baxter's Connex Health Portal, tracked as CVE-2024-6796, has to do with improper access control and has a CVSS severity rating of 8.2 on 10. The flaw gives attackers a way to potentially access sensitive patient and clinician information and to modify or delete some of the data. As with CVE-2024-6795, the improper access vulnerability in Baxter Connex Health Portal is also remotely exploitable, involves low attack complexity, and does not require the threat actor to have any special privileges.

Baxter has fixed the issues, but CISA has recommended that affected organizations also minimize network exposure for all control system devices and to make sure they are not accessible from the Internet. CISA also wants organizations to stick firewalls in front of control system networks and to use secure remote access methods such as VPNs where remote access is a requirement.

So far, there is no sign of exploit activity targeting either vulnerability, CISA said. But healthcare technologies have become a major target for cybercriminals in recent years. This year alone, there have been multiple incidents involving major healthcare players. Among the most notable of them was a ransomware attack on health insurance firm Change Healthcare earlier this year that knocked critical-claims-related services offline for days. Though Change Healthcare paid a $22 million ransom to the BlackCat ransomware group following the attack, the threat actor leaked sensitive health information on millions of Americans on the Dark Web anyway. In another incident, attackers — believed to be the Rhysida ransomware group — knocked systems offline at Chicago’s Lurie Children's Hospital and compromised records belonging to more than 790,000 patients.

Multiple factors have contributed to the healthcare sector becoming a major target for cybercriminals. These include the fact that healthcare organizations usually hold a lot of valuable data and are particularly vulnerable to any kind of operational disruptions and degradation in their ability to serve patients.

**Mitsubishi MELSEC Flaws**

Meanwhile CISA's advisory on Mitsubishi Electric's MELSEC programmable controllers for industrial automation and control applications have to do with vulnerabilities the vendor announced previously. One of the advisories involves a #denial of service of vulnerability that Mitsubishi first disclosed in 2020 (CVE-2020-5652) and has kept updating through the years as new issues related to the flaw have continued to crop up. The latest advisory adds more Mitsubishi MELSEC products to the list of affected technologies and provides new information on mitigating against the threat. The other vulnerability, identified as CVE-2022-33324, is also a denial-of-service issue, but one resulting from what CISA described as improper resource shutdown or release. Mitsubishi first disclosed the flaw in December 2022 and has kept updating its advisory with new information. The latest update, which adds new products to the list of affected technologies and provides new mitigation advice, is the company's third just this year for CVE-2022-33324.

Vulnerabilities in ICS and other Information technology products in the manufacturing sector are a particular concern for two reasons: More than 75% of manufacturing companies have unpatched high-severity vulnerabilities in their environment; and attacks against manufacturing companies have surged in recent years. A report that Armis released earlier this year showed a 165% increase in attacks on manufacturing companies in 2023, making it the second-most targeted sector after utilities.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

CISA Flags ICS Bugs in Baxter, Mitsubishi Products

Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use.

Source: Robert Brown via Alamy Stock Photo

Efforts by the US and other governments to curb the development, use, and proliferation of powerful spyware tools like NSO Group's Pegasus and Intellexa Consortium's Predator have largely been unsuccessful. Rather, they appear to have encouraged these espionage retailers to improve their ability to evade detection and do business in the shadows.

Spyware could arguably have some legitimate law enforcement or intelligence gathering use case, however, human-rights-abuse watchers have soundly established tools like Pegasus and Predator as tools employed by authoritarian governments to spy on journalists, dissidents, and citizens, and to police their activity. Western governments (including the US, the UK, and others across Europe) recognize these spyware tools as a threat to human rights and basic freedoms, and have joined to try and stop their use through sanctions and other enforcement actions.

In 2021, the US Department of Commerce sanctioned NSO Group, Candiru Ltd., and two suppliers. In 2023, it added Intellexa Consortium to the list for "trafficking in cyber exploits used to gain access to information systems, threatening the privacy and security of individuals and organizations worldwide," according to a Sept. 4 report from The Atlantic Council DFRLab.

Further in 2023, the US proposed blocking government agencies from using commercial spyware and joined with several other countries to pledge to work against the misuse and spread of commercial spyware, DFRLab's report noted. In March of 2024, the US Department of the Treasury also levied sanctions against seven spyware entities. And the following month, the US government also issued Visa restrictions to "promote the accountability for the misuse of commercial spyware," the report added.

It worked for a time. But the market for governments who want to use spyware against their citizens proved too big of a prize for these vendors to miss out on: the Atlantic Council report also highlighted the subsequent return of sanctioned spyware sellers.

"Most available evidence suggests that spyware sales are a present reality and likely to continue," the Atlantic Council admitted. "Proliferation heedless of its potential human rights harms and national security risks, however, is not a stable status quo."

**Predator Spyware Claws Back With Location Obfuscation**

Take Predator as an example. In 2024 Predator spyware use dropped sharply after the company was sanctioned, according to researchers at Insikt Group. But recently, new and improved Predator infrastructure has been detected in more countries, including the Democratic Republic of Congo and Angola.

Updates to the new and improved Predator tool anonymizes customer operations, which obscures which countries are using the spyware, Insikt Group reported in a Sept. 5 report on Predator.

"This change makes it more difficult for researchers and cybersecurity defenders to track the spread of Predator," the report added.

But Predator is hardly the only spyware tool gaming its location to evade oversight. The Atlantic Council's report identifies several ways spyware vendors have adapted to take advantage of jurisdictional gaps, including simply by structuring their businesses with subsidiaries, partners, and other relationships scattered across different areas. Spyware vendors also play games with naming and re-naming their companies and legal entities in an effort to get around sanctions and other regulation.

"The most persistently shifting identity is that of the firm originally known as Candiru Ltd., which changed its name four times over the ensuing nine years, and is known at the time of this writing as Saito Tech Ltd," the Atlantic Council's report noted.

The strategy goes beyond business operations; this jurisdictional shell game also allows these vendors to court investors from a wider range of countries.

"These relocations may offer a variety of location-specific benefits, from facilitating sales to the EU market with an EU-domiciled firm to situating branches in states with more forgiving laws," the Atlantic Council report said.

The good news is, these loopholes could be closed, according to the Atlantic Council, with more controls and scrutiny on spyware investment.

"Improving corporate transparency requirements, such as the US’ recent move to compel companies to report their beneficial owners in line with policies in other countries, will support improved investor due diligence and deal review inside the United States," according to the report. "For vendors located outside the US, a recent notice of proposed rulemaking to extend US security review over some forms of outbound investment could provide the basis to catalog and potentially block investment."

**Spyware Vendors Concentrated in Three Countries**

The Atlantic Council report said the current spyware vendor landscape is heavily concentrated in three areas: Israel, India, and Italy. While there has been a lot of focus on Israeli spyware firms like NSO Group, the Atlantic Council report encourages Western governments to expand their sanctions focus to companies working out of India and Italy as well, two countries that were recently left out of the high-profile international sanctions from the UK and France against cyber intrusion tools, called the Pall Mall Process.

India is home to five prolific spyware vendors, including Aglaya Scientific Aerospace Technology Systems Private Limited and Appin Security Group, and Italy has six, including Memento Labs, Movia SPA, the report points out.

More needs to be done to bring transparency to the spyware market, the Atlantic Council report urged.

"Nascent steps by a handful of countries demonstrate that a more vigorous approach to shape the behavior of spyware vendors, their supply chain, and their investors is possible," its report said. "However, much more remains to be done."

Commercial Spyware Use Roars Back Despite Sanctions

The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.

Source: Prisma by Dukas Presseagentur GmbH via Alamy Stock Photo

With more than half a million cybersecurity jobs unfilled nationwide in the US, private enterprise and the federal government alike are focusing efforts to help fill the gap by changing hiring strategies and encouraging careers in IT security.

This week, the White House Office of the National Cyber Director (ONCD), in collaboration with the Office of Management and Budget (OMB), announced the "Service for America" initiative, which is part of the National Cyber Workforce and Education Strategy (NCWES).

The main directive is to recruit and prepare Americans for jobs in cybersecurity, technology, and artificial intelligence (AI). The initiative focuses on creating accessible career pathways by removing degree requirements, and emphasizing skills-based hiring.

To that end, the program promotes work-based learning, such as registered apprenticeships, which allow individuals to earn while they gain new skills. And on the AI front, while it is seen as having the potential to fill some of the perceived workforce gaps, human cybersecurity does not appear to be a role that is going away any time soon — for most AI and related tools, a human element is still vital to decision making.

The announcement comes as the US faces a significant cybersecurity talent shortage, with 225,200 more workers needed to fill nearly 470,000 job openings, according to a June report from CyberSeek.

Despite growing education and training programs, "many Americans do not realize that a cyber career is available to them," National Cyber Director Harry Coker Jr. said in a blog post about the initiative. "There is a perception that you need a computer science degree and a deeply technical background to get a job in cyber."

Federal initiatives are also underway to support neurodivergent candidates and those who are blind and visually impaired. And earlier this year, the administration announced a $244 million investment in apprenticeships for growing industries, including cybersecurity. The initiative also supports community-driven efforts to address local workforce needs through collaboration between employers, educational institutions, and government.

**Cyber Pros With Unconventional Backgrounds**

Erich Kron, security awareness advocate at KnowBe4, said he agreed that many people who work in roles that are not highly technical or related to computer science believe there is no path for them in cybersecurity, even if they have the interest and passion to be great at it. 

"Some of the most amazing cybersecurity talent that I am aware of has come from nontraditional paths, including those in insurance, arts and theater, as well as other seemingly unrelated trades," he said.

Kron added that tapping this well of talent to fill positions in the cybersecurity world has the benefit of infusing nontraditional thought processes and experience into the industry.

"This helps round out defenses and develop ways to defend against cybercriminals through a fresh perspective," he explained.

Meanwhile Shane Fry, CTO of RunSafe Security, said businesses, especially large organizations, tend to favor highly skilled cyber workers with a college degree.

"This can lead to some great candidates, but it also ostracizes a large group of folks that are so passionate about cyber that they picked up the skills on their own and don't have a degree to put on a resume," he said.

He added some of the smartest cyber security professionals he's worked with in his career never even stepped foot on a university campus, let alone finished a degree.

"There's a ton of opportunities for businesses to provide on the job training and external training courses to get people from the fringes of cybersecurity into the cybersecurity fold," Fry said.

That could be changing: a May survey report from the SANS Institute and GIAC found a growing emphasis on certification-based training over traditional degrees, with cybersecurity and HR managers favoring certifications by a 2:1 margin.

**Apprenticeships, Community Engagement**

Recent surveys have also indicated that the so-called "workforce shortage" may be in part to unrealistic demands for qualifications and low salaries — added to the systemic problem of persistently high burnout rates among IT security professionals.

Indicative of the issues is the fact that broke, burned out, or laid-off cybersecurity pros are turning to cybercrime side hustles to make ends meet.

The SANS report for instance found that the cybersecurity talent shortage numbers are driven by headcount gaps, and don't reflect the number of available candidates that have appropriate skills.

And indeed, while most respondents (71%) in the SANS survey said they are committed to recruiting diverse candidates, hiring efforts are hindered by internal confusion, a lack of standardized career paths, and misaligned skill sets, particularly for mid-level roles.

Survey results also indicated many organizations lack alignment between HR and cybersecurity teams, with 37% of managers suggesting HR needs a deeper understanding of cyber roles, and 46% calling for better collaboration.

**Cyber: A Rewarding Profession, But Be Realistic**

Kron noted that for those who understand that cybersecurity can be a stressful, but also incredibly rewarding, type of career field, checking out programs to help accelerate education and a career change is critical.

"It is important that people considering a career in cybersecurity understand some of the challenges of this career path, including the potential to be on call and a requirement to react quickly when incidents occur, even on weekends or in the evenings," Kron explained.

From Fry's perspective, far too many businesses have been apprehensive to spend money on training or skills development; but that's likely an untenable position.

"The impact to those organizations, and the customers of those organizations is that they will continue to fall prey to cybersecurity attacks," he said. "The longer those organizations wait to prioritize cybersecurity and build a cybersecurity pipeline, the farther behind the power curve they will be."

Thus, business' hands may be forced, and the time is right to embrace some of the federal initiatives.

**About the Author**

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University’s Medill School of Journalism, Nathan currently lives in Berlin, Germany.

Cybersecurity Talent Shortage Prompts White House Action

The funds from Germany's Sovereign Tech Fund will be used to integrate zero-trust capabilities, tools for software bill of materials, and other security features.

Source: Les Polders via Alamy Stock Photo

The health of the global Internet and digital infrastructure relies heavily on volunteer-maintained open source projects. Various organizations and initiatives now provide funding to make security fixes or improve features for some of these projects.

Last week, the FreeBSD Foundation announced a €686,400 (approximately $762,540) investment from Germany's Sovereign Tech Fund. The foundation drives development and maintenance of the FreeBSD operating system, a Unix-based operating system similar to Linux. The funding from STF is intended to cover work for the rest of 2024 and extend into 2025 and will focus on security features and improvements.

STF is supported by the German Federal Ministry for Economic Affairs and Climate Action (BMWK) and is hosted by the German Federal Agency for Disruptive Innovation (SPRIND). The fund has actively supported open source projects that are important components of the global digital infrastructure, such as €1 million ($1.1 million) for GNOME (a widely used desktop application for Linux operating systems) development at the end of last year and €203,000 ($225,487) to GStreamer (a multimedia framework used widely in streaming apps, embedded devices, and browsers) earlier this year. Several of STF's recent investments are tied to security improvements, such as making the encrypted home directory a GNOME feature and rewriting GStreamer's various Web and networking protocols (RTP/RTCP, RTSP, and WebRTC) from C to Rust to eliminate recurring memory-based vulnerabilities.

The FreeBSD investment will also focus on several security initiatives, such as zero-trust builds, continuous integration/continuous delivery (CI/CD) automation, reducing technical debt, enhancing security controls, and improving tools related to the software bill of materials. Reducing technical debt is important since many vulnerabilities linger on in years-old components that are no longer being maintained or even looked at.

Zero-trust builds refer to the ability to prove where all the source code and tooling used in FreeBSD came from and are trusted. This is necessary to ensure that the tools used (such as compilers) are not introducing backdoors or malware into the code.

The focus on CI/CD automation is necessary to streamlining software delivery and operations. It will allow for constantly running security tests to ensure that changes have not introduced vulnerabilities and fixing them as they are found.

"This investment in critical digital infrastructure will accelerate modernization of FreeBSD, enhance security hygiene, and improve developer experiences," said Fiona Krakenbürger, co-founder of STF, in a statement.

STF has supported a slew of other open source projects, including curl, FFmpeg, Rustls (a TLS library written in Rust), and Coreutils uutils (the coreutils library with basic file, shell, and text functions rewritten in Rust).

FreeBSD Gets €686,400 to Boost Security Features

At Black Hat USA, security researcher Michael Bargury released a "LOLCopilot" ethical hacking module to demonstrate how attackers can exploit Microsoft Copilot — and offered advice for defensive tooling.

Source: Marcos Alvarado via Alamy Stock Photo

BLACK HAT USA – Las Vegas – Thursday, Aug. 8 – Enterprises are implementing Microsoft's Copilot AI-based chatbots at a rapid pace, hoping to transform how employees gather data and organize their time and work. But at the same time, Copilot is also an ideal tool for threat actors.

Security researcher Michael Bargury, a former senior security architect in Microsoft's Azure Security CTO office and now co-founder and chief technology officer of Zenity, says attackers can use Copilot to search for data, exfiltrate it without producing logs, and socially engineer victims to phishing sites even if they don't open emails or click on links.

Today at Black Hat USA in Las Vegas, Bargury demonstrated how Copilot, like other chatbots, is susceptible to prompt injections that enable hackers to evade its security controls.

The briefing, Living off Microsoft Copilot, is the second Black Hat presentation in as many days for Bargury. In his first presentation on Wednesday, Bargury demonstrated how developers could unwittingly build Copilot chatbots capable of exfiltrating data or bypassing policies and data loss prevention controls with Microsoft's bot creation and management tool, Copilot Studio.

**A Red-Team Hacking Tool for Copilot**

Thursday's follow-up session focused on various risks associated with the actual chatbots, and Bargury released an offensive security toolset for Microsoft 365 on GitHub. The new LOLCopilot module, part of powerpwn, is designed for Microsoft Copilot, Copilot Studio, and Power Platform.

Bargury describes it as a red-team hacking tool to show how to change the behavior of a bot, or "copilot" in Microsoft parlance, through prompt injection. There are two types: A direct prompt injection, or jailbreak, is where the attacker manipulates the LLM prompt to alter its output. With indirect prompt injections, attackers modify the data sources accessed by the model.

Using the tool, Bargury can add a direct prompt injection to a copilot, jailbreaking it and modifying a parameter or instruction within the model. For instance, he could embed an HTML tag into an email to replace a correct bank account number with that of the attacker, without changing any of the reference information or altering the model with, say, white text or a very small font.

"I'm able to manipulate everything that Copilot does on your behalf, including the responses it provides for you, every action that it can perform on your behalf, and how I can personally take full control of the conversation," Bargury tells Dark Reading.

Further, the tool can do all of this undetected. "There is no indication here that this comes from a different source," Bargury says. "This is still pointing to valid information that this victim actually created, and so this thread looks trustworthy. You don't see any indication of a prompt injection."

**RCE = Remote "Copilot" Execution Attacks**

Bargury describes Copilot prompt injections as tantamount to remote code-execution (RCE) attacks. While copilots don't run code, they do follow instructions, perform operations, and create compositions from those actions.

"I can enter your conversation from the outside and take full control of all of the actions that the copilot does on your behalf and its input," he says. "Therefore, I'm saying this is the equivalent of remote code execution in the world of LLM apps."

During the session, Bargury demoed what he describes as remote Copilot executions (RCEs) where the attacker:

*   Exfiltrates data in advance of an earnings report to trade on that information
    
*   Makes Copilot a malicious insider that directs users to a phishing site to harvest credentials
    

Bargury isn't the only researcher who has studied how threat actors could attack Copilot and other chatbots with prompt injection. In June, Anthropic detailed its approach to red team testing of its AI offerings. And for its part, Microsoft has touted its red team efforts on AI security for some time.

**Microsoft's AI Red Team Strategy**

In recent months, Microsoft has addressed newly surfaced research about prompt injections, which come in direct and indirect forms.

Mark Russinovich, Microsoft Azure’s CTO and technical fellow, recently discussed various AI and Copilot threats at the annual Microsoft Build conference in May. He emphasized the release of Microsoft's new Prompt Shields, an API designed to detect direct and indirect prompt injection attacks.  

"The idea here is that we're looking for signs that there are instructions embedded in the context, either the direct user context or the context that is being fed in through the RAG \[retrieval-augmented generation\], that could cause the model to misbehave," Russinovich said.

Prompt Shields is among a collection of Azure tools Microsoft recently launched that are designed for developers to build secure AI applications. Other new tools include Groundedness Detection to detect hallucinations in LLM outputs, and Safety Evaluation to detect an application's susceptibility to jailbreak attacks and creating inappropriate content.

Russinovich also noted two other new tools for security red teams: PyRIT (Python Risk Identification Toolkit for generative AI), an open source framework that discovers risks in generative AI systems. The other, Crescendomation, automates Crescendo attacks, which produce malicious content. Further, he announced Microsoft’s new partnership with HiddenLayer, whose Model Scanner is now available to Azure AI to scan commercial and open source models for vulnerabilities, malware or tampering.

**The Need for Anti-"Promptware" Tooling**

While Microsoft says it has addressed those attacks with safety filters, AI models are still susceptible to them, according to Bargury.

He says in specific, there's a need for more tools that scan for what he and other researchers call "promptware," i.e., hidden instructions and untrusted data. "I'm not aware of anything you can use out of the box today \[for detection\]," Bargury says.

"Microsoft Defender and Purview don't have those capabilities today," he adds. "They have some user behavior analytics, which is helpful. If they find the copilot endpoint having multiple conversations, that could be an indication that they're trying to do prompt injection. But actually, something like this is very surgical, where somebody has a payload, they send you the payload, and \[the defenses\] aren't going to spot it."

Bargury says he regularly communicates with Microsoft's red team and notes they are aware of his presentations at Black Hat. Further, he believes Microsoft has moved aggressively to address the risks associated with AI in general and its own Copilot specifically.

"They are working really hard," he says. "I can tell you that in this research, we have found 10 different security mechanisms that Microsoft's put in place inside of Microsoft Copilot. These are mechanisms that scan everything that goes into Copilot, everything that goes out of Copilot, and a lot of steps in the middle."

**About the Author**

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

How to Weaponize Microsoft Copilot for Cyberattackers

Microsoft execs detailed the company's reaction to the CrowdStrike incident and emphasized the value of a collective identity.

Ann Johnson, Corporate Vice President and Deputy CISO at Microsoft, and Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, on the main stage at Black Hat USA.Source: Kristina Beek

BLACK HAT USA – Las Vegas – Wednesday, Aug. 7 – This week at Black Hat, Ann Johnson, corporate vice president and deputy chief information security officer (CISO) at Microsoft, and Sherrod DeGrippo, Microsoft's director of threat intelligence strategy, took to the main stage for their talk, "From the Office of the CISO: Smarter, Faster, Stronger, Security in the Age of AI." While attendees may have expected a discussion focused on ways that AI can help the effectiveness of cybersecurity tools, one could say that Johnson and DeGrippo decided to go off script.

"Does anyone remember a couple of weeks ago, there was like a little glitch?" DeGrippo asked the crowd, referring to the recent global CrowdStrike outage and earning a laugh in response.

The fault sensory configuration update to CrowdStrike's Falcon platform on July 19 triggered Microsoft outages for millions, and "blue screens of death" as far as the eye could see. As the days passed, the fallout continued to grow, with the estimated monetary loss amounting to roughly $5.4 billion, excluding Microsoft's own losses.

Johnson went on to give the audience the lowdown from someone who was there and witnessed the effects of the outage firsthand. The evening before the incident, Microsoft found itself dealing with a limited scope package in Azure in one of its US regions. 

"At 11:30 that night, it was remediated, was resolved, and I went to bed," Johnson said. "I was like 'OK, we're good.' At 1 in the morning, maybe 1:15, my phone rang with a customer \[who\] said 'Hey, I’m getting this blue screen of death.'"

Other calls started coming in, and she realized this wasn't connected to the Azure outage. Johnson explained that Microsoft then "rallied the troops" to face the problem.

"The pride I had, not just in Microsoft but those people that were literally working in shifts … these folks were working around the clock," she says. "The industry was working around the clock. And even though it was the operations folks that were most impacted, not the cyber folks, the resilience, the community, the things I saw in the industry were so powerful that yet again, it renews my faith that we all can win together."

Johnson’s take on the event is that the response to it from professionals was "incredible" to witness. However, what is the lesson to be learned?

**Community Is No. 1**

As DeGrippo detailed, the Microsoft Threat Intelligence Center (MSTIC) is focused on working closely with customers regarding intelligence briefings, and is "embedded" in its community of independent researchers, fellow vendors, and even colleagues at healthcare organizations and in other verticals.

For instance, Scattered Spider, a group responsible for a significant number of ransomware events in the past 18 months, is a persistent group that Microsoft has paid close attention to. Microsoft's community, from MSTIC to its Digital Crimes Unit (DCU), DeGrippo says, is eager to combat the group, helping law enforcement efforts. And it's not just Microsoft that does this, Johnson insists — its peers in the industry are also working with the public sector to defend people from the threat actor, sharing tactics and defense strategies. 

"For everything you see in the news, there are thousands of \[malicious\] things that haven’t happened because all the people in this room stopped it from happening," Johnson told Black Hat attendees. "Take a victory lap and a round of applause. Yeah, there’s bad things that are going to continue to happen. But all you stop the thousands of other things from happening, and that’s what community does."

**AI in the Hands of Threat Actors & Defenders**

Part of improving the community going forward is embracing technologies that make defenders' lives easier. For instance, as GenAI continues to grow in popularity, threat actors will use it to their advantage. According to Johnson, they'll use it to become more effective and efficient at what they do, making them more difficult to combat. What should defenders do in response? The exact same thing. 

"We want to use technology like AI or whatever the latest technology is to make you more effective, so you can take that time off," she said, referencing how new strategies and tools are needed to ensure that cyber defenders have less burnout. Events like the CrowdStrike Falcon update snafu and the resulting Microsoft outage should not require people to sacrifice their health or time with family while "working hours on end to combat the issues we’re collectively facing," Johnson said.

She added, "AI does have a very meaningful role in the world of the CISO and in the world of cyber defenders, but … we want to talk about the human beings, the community, the defenders."

Microsoft on CISOs: Thriving Community Means Stronger Security

Attackers can use a seemingly innocuous IP address to exploit localhost APIs to conduct a range of malicious activity, including unauthorized access to user data and the delivery of malware.

Source: Tada Images via Shutterstock

Attackers can use a flaw that exploits the 0.0.0.0 IP address to remotely execute code on various Web browsers — Chrome, Safari, Firefox, and others — putting users at risk for data theft, malware, and other malicious activity.

Researchers at open source security firm Oligo Security have discovered a way to bypass browser security and interact with services running on an organization's local network from outside the network, that they are calling "0.0.0.0 Day," because of the Web address it exploits.

The vulnerability exists due to "the inconsistent implementation of security mechanisms across different browsers, along with a lack of standardization in the browser industry," Avi Lumesky, an Oligo AI security researcher, revealed in a blog post published this week.

Attackers can use the flaw to exploit localhost application programming interfaces (APIs) from the browser, thus performing a range of malicious activities.

"As a result, the seemingly innocuous IP address, 0.0.0.0, can become a powerful tool for attackers to exploit local services, including those used for development, operating systems, and even internal networks," Lumesky wrote.

**Breaking Down the Flaw**

The flaw lies in the ability by design of browsers for services to send a request to almost any HTTP server using JavaScript; a browser's key job is to focus on delivering the correct response, either by serving up a valid response to a request or an error.

While browsers are generally supposed to prevent errant or malicious requests from getting through via their responses, there has been a lack of streamlined security in handling requests across browsers since their inception.

"For a long time, it was not clear how browsers should behave when they make requests to local or internal networks from less-private contexts," Lumesky explained in the post.

While most browsers have relied on CORS, or Cross-Origin Resource Sharing — a standard defining a way for client Web applications that are loaded in one domain to interact with resources in a different domain — "its performance depends on the response content, so requests are still made and can still be sent," Lumesky noted.

"This is simply not good enough," he wrote. "History proved that a single HTTP request can attack a home router — and if that's all it takes, every user needs to be able to prevent this request from happening at all."

**PNA Bypass**

Chrome's introduction of Private Network Access (PNA) — which goes beyond CORS — should, in theory, protect websites from the 0.0.0.0 day bug. PNA proposes distinguishing between public, private, and local networks, ensuring that "pages loaded under a less-secure context will not be able to communicate with more-secure contexts," Lumesky wrote.

However, Oligo researchers discovered that website requests sent to 0.0.0.0, which should be blocked under PNA, were actually received and processed by local servers. "This means public websites can access any open port on your host without the ability to see the response," Lumesky wrote.

To prove their point, the attackers investigated how ShadowRay, a recent attack campaign its researchers discovered targeting AI workloads, could execute its attack from the browser using 0.0.0.0 as its attack vector.

ShadowRay enabled arbitrary code execution when a private server was unintentionally exposed to the Internet, and went undiscovered for nearly a year. To prove their concept, Oligo researchers ran a local Ray cluster on localhost, then started a socket that is listening to new connections to open a reverse shell.

"Then, the victim clicks on the link in the email, which runs the exploit," Lumesky explained. "The exploit opens a reverse shell for the attacker on the visitor’s machine."

The researchers proved the concept within Chromium, Safari, and Firefox to execute ShadowRay from the browser in "one of an undoubtedly huge number of remote code execution attacks enabled by this approach," Lumesky noted. They also proved the attack via Selenium Grid public servers and PyTorch TorchServe via respective previously identified attack campaigns SeleniumGreed and ShellTorch.

Ultimately, the researchers demonstrated how by using 0.0.0.0 together with mode "no-cors," attackers "can use public domains to attack services running on localhost and even gain arbitrary code execution, all using a single HTTP request," Lumeksy explained.

**How Defenders Can Mitigate Attacks**

Oligo disclosed the findings to the relevant browser owners — including Google, Apple, and Mozilla — which responded by making fixes in their browsers to block 0.0.0.0 as a target IP, according to Oligo.

Meanwhile, as the companies in charge work to streamline security standards across browser offerings, there are other technical mitigations that network administrators can use to thwart attacks using the vector, Lumesky said.

They include implementing PNA headers, verifying the HOST header of the network request to protect against DNS rebinding attacks to localhost or 127.0.0.1, and generally mistrusting localhost networks just because they are "local." "Add a minimal layer of authorization, even when running on localhost," he advised.

Network administrators should also use HTTPS over HTTP whenever possible and implement CSRF tokens in your applications, even if they are local.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'0.0.0.0 Day' Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk

The Dark Reading team once again welcomes the world's top cybersecurity experts to the Dark Reading News Desk live from Black Hat USA 2024. Tune into the livestream.

The Dark Reading News Desk will live stream for a second day today, Thursday, Aug. 8, from 10 a.m. PDT/1 p.m. ET to 4 p.m. PT/7 p.m. ET. The video will also be available on YouTube following the live stream.

You don't have to trek to Las Vegas to experience the best of Black Hat USA 2024.

The Dark Reading team is back again with the News Desk, steaming live from the heart of the Black Hat action at Mandalay Bay.

During two full days of live Black Hat coverage, Dark Reading has invited the world's top cybersecurity researchers, leaders, and experts to sit down at the News Desk and take on today's most pressing issues, including the rise of artificial intelligence and the evaluation of national cybersecurity strategies, as well as analyst forecasts into the year ahead and beyond.

Today, the Dark Reading News Desk lineup continues with Akamai researcher David Ori, who will offer highlights from his Black Hat Briefing on VPN post-exploitation techniques. In addition, Narayana Pappu, CEO of Zendata, will talk about the privacy risks inherent with post-cookie advertising tech solutions, and Michael Bargury, chief technology officer of Zenity, will reveal what he found in his research on the much-talked-about Microsoft Copilot.

Yesterday, Dark Reading spoke with Omdia director Maxine Holt to break down the highlights from the Omdia Analyst Summit at Black Hat, as well as MITRE engineers Marissa Dotter and Alexander Byrne, who discussed their research on large language models for offensive use. Columbia University scholar Jason Healy also stopped by to share insights into his Black Hat USA 2024 Briefing, "Is Defense Winning?"

Join the Dark Reading News Desk for ongoing, up-to-the-minute coverage of the very best of Black Hat USA 2024 from wherever you are. Check out conversations you won't hear anywhere else.

Dark Reading News Desk Live From Black Hat USA 2024

As AI technologies continue to advance at a rapid pace, privacy, security and governance teams can't expect to achieve strong AI governance while working in isolation.

Source: marcos alvarado via Alamy Stock Photo

COMMENTARY

AI technology is proliferating at a rapid pace, becoming an essential component of many businesses' operations. While organizations are achieving genuine benefits with them, the rise of AI-based systems does create new obstacles regarding data privacy, reputational risk, and new attack vectors for companies. 

AI systems rely on massive amounts of data, often including sensitive personal information. Improper handling of this data can lead to cyber vulnerabilities, privacy violations, and legal and regulatory issues. When tampered with, AI tools also have the potential to cause reputational damage — such as when Microsoft's AI chatbot Tay was exploited by users who fed it offensive and racist content, or when Amazon's AI recruiting tool exhibited bias against female candidates after being trained on historical hiring data that favored men. These incidents illustrate how important it is for organizations to implement safeguards to ensure AI systems aren't learning — and then generating outputs with — biased or malicious data.

Developing these safeguards requires a collaborative approach from privacy, security, and governance teams. While these teams, of course, have their areas of expertise, approaching AI governance from siloes won't work. Here are some ways that privacy, security, and governance teams can each flex their strengths to collaborate on strong AI governance:

**Security Team**

*   Infrastructure hardening: Strengthen your organization’s AI/ML infrastructure so that it can handle extensive training data — securely. You can achieve this by building strong access controls over who can access training data, setting multifactor authentication protocols for any access to the infrastructure, patching the infrastructure, and so on. Test the strength of your AI/ML infrastructure with red teaming or penetration testing. 
    
*   Alerting and monitoring: Develop robust monitoring capabilities to detect and prevent theft of your proprietary AI models.
    
*   Data leakage prevention: Adequate governance over the data being input into third-party AI systems is crucial; after all, this is what these AI systems will be trained on. Implement data leakage prevention solutions and strategies to monitor the sensitive data flowing into your and third-party AI systems, and ensure all AI solutions are vetted before uploading any sensitive information.
    
*   Employee training: Educate employees on AI-related risks, such as deepfakes and voice-based vishing attacks. Regularly test employees on their abilities to identify and thwart potential attacks.
    

**Governance Team**

*   Evaluate, evaluate, evaluate: Continuously evaluate the ethical implications of using AI technologies within your organization, and cross-check your AI and data practices with new regulation to ensure you remain compliant.
    
*   And educate, educate, educate: With the rapidly changing landscape, it’s crucial to continuously educate and enable your employees on risks and organizational policies for AI usage.
    

**Privacy Team**

*   AI risk assessments: Own the process of conducting risk assessments for AI projects to identify and mitigate privacy and compliance risks. 
    
*   Privacy by design: Implement privacy-by-design principles in AI development to build privacy-focused AI systems. These include ensuring consumer consent gathering strategies are understood, putting privacy safeguards in place to protect personal data, and implementing data anonymization strategies when training models.
    
*   Maintaining transparency and user preferences: Build workflows to ensure transparency and manage user consent, preferences, and data rights effectively.
    

**Working Together**

Collaboration between these teams is crucial for effective AI governance. Here's where they'll intertwine most:

*   AI task force: Develop a cross-functional AI task force within the organization with representation from key stakeholders across privacy, security, and governance. This task force will be responsible for developing AI guidelines and policies for the organization, approving the procurement of new AI technologies to carefully evaluate and mitigate AI risks, and ensuring that AI safety is prioritized when new systems are developed. Schedule regular meetings (monthly, for example) for the AI task force to discuss industry trends, emerging threats, and new use cases for AI technologies.
    
*   Dedicated communication channels: Establish channels where employees can easily ask questions and receive timely information about approved AI tools and their use. Utilize cross-functional forums like company all-hands or department-specific all-hands meetings to communicate organization-wide updates pertaining to AI use and considerations.
    
*   Leveraging technology and automation: The rise of AI systems has led to innovative technologies designed to identify and catalog AI systems within your organization and supply chain. It is essential to evaluate and implement these tools to enhance your AI governance framework. Integrating these advanced technologies, as well as solutions like SecurityPal for navigating security reviews, can help you maintain oversight, ensure compliance, and effectively manage the growing complexity of AI applications.
    

As AI technologies continue to advance at a rapid pace, privacy, security, and governance teams can't expect to achieve strong AI governance while working in isolation. The creation of an AI task force, fostering open communication around timely challenges and risks, will provide immediate benefits. Working together, rather than in siloes, these teams can ensure your AI systems are developed and deployed responsibly, ethically, and securely, ultimately safeguarding your organization's reputation and integrity.

**About the Authors**

Sanket Kavishwar, Director of Product Management, Relyance AI

Sanket Kavishwar is director of product management at Relyance AI. With more than a decade of experience in SaaS, Sanket has a diverse background encompassing roles as a software engineer developing security solutions, a consultant implementing ERP solutions for enterprise clients, a customer success leader managing enterprise accounts, and a go-to-market leader scaling advanced privacy programs for enterprises. Currently, as a product leader, he focuses on delivering products at the intersection of privacy and security.

Security & GRC Lead, Plaid

Kenneth Moras, security and GRC lead for Plaid, is a cybersecurity leader with extensive experience in building strategic risk management programs at Plaid and scaling cybersecurity programs at notable organizations such as Meta and Adobe. His expertise also extends to cybersecurity consulting for Fortune 500 companies during his tenure at KPMG.

Source

DARKReading