A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.

Source: ZUMA Press, Inc. via Alamy Stock Photo

A critical, stubborn new vulnerability in Apache Struts 2 may be under active exploitation already, and fixing it isn't as simple as downloading a patch.

Struts 2 is an open source framework for building Java applications. Though long past its prime, Struts 2 remains common in older legacy systems across industries. In fact, its prevalence combined with its agedness is what makes its newly discovered vulnerability — CVE-2024-53677, CVSS 9.5 — so tricky. As its components have withered, and newer technologies and security practices have moved on, fixing any newly arising issues like this can require more than just a standard patch. 

"The risk lies in the fact that older applications are less likely to be integrated with a modern CI/CD pipeline," explains Chris Wysopal, chief security evangelist at Veracode. "As a result, updating the Struts 2 library, building and deploying a new version of a vulnerable application requires more manual effort and takes significantly longer. This significant effort will result in a longer window of vulnerability, during which attackers may exploit and take advantage of this weakness."

Wysopal assesses, "It is likely that we will see the exploitation of this vulnerability for weeks, as organizations find and fix all instances of Struts 2 usage."

Related:Delinea Joins CVE Numbering Authority Program

**RCE Bug in Apache Struts 2**

This same time last year, nearly to the day, a Struts 2 vulnerability with a "critical" 9.8 score in the Common Vulnerability Scoring System (CVSS) was disclosed to the public. CVE-2023-50164 resulted from attackers' ability to manipulate file upload parameters, opening the door to path traversal. Under certain conditions an attacker could upload a specially crafted malicious script in order to achieve remote code execution (RCE) on a server.

CVE-2024-53677 is CVE-2023-50164 regen. It, too, lies in Struts 2's File Upload Interceptor component, responsible for handling file uploads, and enables RCE via path traversal. In a blog post, Johannes Ullrich of the SANS Institute speculated that an inadequate patch for CVE-2023-50164 led to this latest déjà vu.

He also observed active exploitation attempts from one IP address, which utilized a public proof-of-concept (PoC). The attacker played with the vulnerability by uploading "a one-liner script that is supposed to return 'Apache Struts.' Next, the attacker attempts to find the uploaded script. The exploit attempt is very close to the original PoC. Since then, a slightly improved exploit has been uploaded to the same GitHub repository," he wrote.

Related:Does Desktop AI Come With a Side of Risk?

Typically in situations such as this, organizations are advised to apply patches as soon as possible. In the case of CVE-2024-53677, the story isn't quite as simple.

Organizations do need to upgrade to the latest version of Struts, 6.7.0 — or, at least, 6.4.0, released in the wake of CVE-2023-50164, which deprecated the File Upload Interceptor at issue. The fix isn't backward compatible, however, Apache noted in its security bulletin. IT teams will need to migrate to the newfangled Action File Upload Interceptor, and adjust how their existing applications handle file uploads by diligently rewriting their code to make use of it.

"It's not a simple version bump," warns Saeed Abbasi, manager of vulnerability research at Qualys. "It requires code rewrites, configuration adjustments, and can break existing logic and dependencies. In complex environments, removing all traces of the legacy interceptor poses significant challenges due to intricate plug-in chains and layered frameworks. This complexity is further compounded by the need for extensive regression testing."

**The Potential Scope of Impact for CVE-2024-53677**

The national centers for cybersecurity in Australia, Belgium, Canada, Singapore, and the UK have all released urgent security warnings regarding CVE-2024-53677. That this issue has attracted so much attention may not be obvious at first, since Struts 2 is so rarely used by developers today. It does, however, live on in legacy systems worldwide.

Related:Citizen Development Moves Too Fast for Its Own Good

In the 2000s, Struts 2 was king among Java Web frameworks. By 2007 it was receiving nearly 350,000 downloads per month. Its webpage received millions of monthly visits; even its newsletter had thousands of subscribers. Today, Wysopal says, "It no longer has mainstream appeal and is rarely chosen for new projects. Its presence is more an artifact of historical adoption rather than active popularity."

"Its 'kingdom' is confined to those stable, older applications in conservative industries — particularly finance, insurance, government, and large-scale manufacturing or logistics — often in organizations and regions that are regulated and less likely to modernize," he says. Case in point: a Struts 2 vulnerability was at the heart of the infamous 2017 Equifax breach.

Just how common is Struts 2 in legacy systems in 2024? Abbasi reports that within the first 24 hours following the disclosure of CVE-2024-53677, Qualys "observed tens of thousands of vulnerable instances, reflecting the breadth and urgency of the challenge."

To his view, "The persistence of Struts 2 in critical systems, long after more secure frameworks have emerged, illustrates the ongoing struggle enterprises face with technical debt. Many organizations run versions of Struts past their end-of-life, without proper planning which compounds the impact of new vulnerabilities. Enterprises need solid attack surface management, along with lifecycle management strategies, ensuring that critical frameworks are regularly updated, and deprecated components are swiftly phased out."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Orgs Scramble to Fix Actively Exploited Bug in Apache Struts 2

Cyberattackers used fake DocuSign links and HubSpot forms to try to solicit Azure cloud logins from hundreds of thousands of employees across Europe.

Source: Ascannio via Alamy Stock Photo

A full 20,000 employees of European manufacturing companies have been targeted by a phishing campaign.

According to Palo Alto Networks' Unit 42, the activity peaked in June and survived until at least September. The cyberattackers targeted automotive, chemical, and industrial compound manufacturing companies, primarily in Western European countries like the UK, France, and Germany.

The attackers' goal was to lure employees into divulging credentials to their Microsoft accounts, particularly in order to gain access to their enterprise Azure cloud environments.

**DocuSign, HubSpot & Outlook Phishing**

The infection chain began either with an embedded HTML link or a DocuSign-enabled PDF file named after the targeted company (e.g., darkreading.pdf). In either case, the lure funneled victims to one of 17 HubSpot Free Forms. Free Forms are HubSpot's customizable online forms for gathering information from website visitors.

The forms were not actually used to gather any information from victims. They were bare, and clearly written by a non-native speaker. "Are your \[sic\] Authorized to view and download sensitive Company Document sent to Your Work Email?" they asked, with a button to view the purportedly sensitive document in "Microsoft Secured Cloud."

Related:CISA Directs Federal Agencies to Secure Cloud Environments

Those who fell for this step were redirected to another page, mimicking a Microsoft Outlook Web App (OWA) login page. These pages — hosted on robust, anonymous bulletproof virtual private servers (VPS) — incorporated their targets' brand names, with the top-level domain (TLD) ".buzz" (as in www.darkreading.buzz). Victims' Microsoft credentials were harvested here.

With stolen accounts in hand, the threat actor set about burrowing into targets' enterprise cloud environments. The next important step to that end involved registering their own device to victims' accounts. Doing so allowed them to log in thereafter as an authenticated user, and thus avoid triggering security alerts. They enhanced their disguise further by connecting through VPN proxies located in the same country as their target.

Registering a device also provided a point of persistence against any attempts to unseat the attacker. In one case Unit 42 observed, for example, an IT team was stymied as soon as they tried to regain control of a stolen account. Seeing that they might be booted, the attacker initiated a password reset, knowing that the link to do so would be sent to them. A "tug-of-war scenario" ensued, Unit 42 reported, triggering several more security alerts along the way until the matter was resolved.

Related:Azure Data Factory Bugs Expose Cloud Infrastructure

**Cyberattackers Broaden their Horizons to the Cloud**

The volume of compromised users and organizations in this campaign is unknown, though likely low. As Nathaniel Quist, senior threat researcher at Unit 42, points out, "since this operation equates to a double breach event, as the phishing email must be opened, then an additional operation of successfully requesting Azure credentials needed to occur. We suspect that an even smaller number of victims would have also provided the cloud credentials. For example, not every victim would also be using Azure infrastructure for their cloud operations."

What's clearer is what would have happened to those organizations that were breached. With account credentials and a point of persistence, the attackers would have embedded themselves deeper into enterprise cloud environments, "by either escalating their access to create, modify, or delete cloud resources by attaching more privileged \[identity and access management\] policies, or they would have moved laterally within the cloud environment toward storage containers that the victim IAM account may have had access to," Quist says.

Though at first glance it might appear a fairly standard phishing operation, Quist says, it also reflects something broader about cyberattack trends lately — a gradual move toward broader, more ambitious cloud attacks.

Related:Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs

"From my view, we are starting to see a growing trend of phishing operations that are not establishing a malware-focused beachhead on the victim system, but instead are targeting the user's access credentials to either cloud platforms, like Azure in this case, or SaaS platforms," he says. "The victim endpoint is only the initial access into the larger cloud platform it is connected to."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Manufacturers Lose Azure Creds to HubSpot Phishing Attack

Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.

Source: CPA Media Pte Ltd via Alamy Stock Photo

Unknown hackers are targeting individuals associated with Thailand's government, using a new and unwieldy backdoor dubbed "Yokai," potentially named after a type of ghost found in the video game Phasmophobia, or after spirits in Japanese folklore.

Researchers from Netskope recently came across two shortcut (LNK) files disguised as .pdf and .docx files, unsubtly named as if they pertained to official US government business with Thailand. The attack chain tied to these fake documents cleverly used legitimate Windows binaries to deliver the previously unknown backdoor, which appears to be a hastily developed program designed to run shell commands. It carries a risk of unintended system crashes, the researchers noted.

**Ghost in the Machine: US-Themed Lures in Phishing Attack**

From Thai, the lure documents translate to "United States Department of Justice.pdf" and “Urgently, United States authorities ask for international cooperation in criminal matters.docx." Specifically, they made reference to Woravit "Kim" Mektrakarn, a former factory owner in California tied to the disappearance and suspected murder of an employee in 1996. Mektrakarn was never apprehended and is believed to have fled to Bangkok.

"The lures also suggest they are addressed to the Thai police," notes Nikhil Hegde, senior engineer for Netskope. "Considering the capabilities of the backdoor, we can speculate that the attacker's motive was to get access to the systems of the Thai police."

Related:Russian FSB Hackers Breach Pakistani APT Storm-0156

Like any other phishing attack, opening either of these documents would cause a victim to download malware. But the path from A to B wasn't so jejune as that might suggest.

**Abusing Legitimate Windows Utilities**

To begin their attack chain, the attackers made use of "esentutl," a legitimate Windows command line tool used to manage Extensible Storage Engine (ESE) databases. Specifically, they abused its ability to access and write to alternate data streams (ADS).

In Windows' New Technology File System (NTFS), files commonly contain more than just their primary content — their main "stream." An image or text document, for example, will also come packed with metadata — even hidden data — which won't be visible in the normal listing of the file, because it is not so pertinent to users. An unscrutinized channel for appending hidden data to a seemingly harmless file, however, is a luxury to a cyberattacker.

"ADS is often used by attackers to conceal malicious payloads within seemingly benign files," Hegde explains. "When data is hidden in an ADS, it does not alter the visible size or properties of the primary file. This allows attackers to evade basic file scanners that only inspect the primary stream of a file."

Related:Hamas Hackers Spy on Mideast Gov'ts, Disrupt Israel

Opening the shortcut files associated with this campaign would trigger a hidden process, during which Esentutl would be used to pull decoy government documents, and a malicious dropper, from two alternate data streams. The dropper would carry with it a legitimate copy of the iTop Data Recovery tool, used as a gateway for sideloading the Yokai backdoor.

**Inside the Yokai Backdoor Malware**

Upon entering a new system, Yokai checks in with its command-and-control (C2) base, arranges an encrypted channel for communication, then waits for its orders. It can run any ordinary shell commands in order to steal data, download additional malware, etc.

“There are some sophisticated elements in Yokai," Hegde says. For example, "Its C2 communications, when decrypted, are very structured." In other ways, though, it proves rough around the edges.

If run using administrator privileges, Yokai creates a second copy of itself, and its copy creates a third copy, ad infinitum. On the other hand, to prevent itself from running multiple times on the same machine, it checks for the presence of a mutex file — if the file exists, it terminates itself, and if it doesn't, it creates it. This check occurs after the self-replication step, however, only after the malware has begun spawning out of control. "This leads to repetitive, rapid duplicate executions that immediately terminate upon finding the mutex. This behavior would be clearly visible to an EDR, diminishing the stealth aspect of the backdoor," Hegde says.

Related:China's Elite Cyber Corps Hone Skills on Virtual Battlefields

Even a regular user might notice the strange effects to their machine. "The rapid spawning creates a noticeable slowdown. If the system is already under heavy load, process creation and execution might already be slower due to resource contention, further exacerbating the system's performance issues," he says.

In all, Hegde adds, "This juxtaposition of sophistication and amateurism stands out the most to me, almost as if two different individuals were involved in its development. Given the version strings found in the backdoor and its variants, it is likely still being continuously developed."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Thai Police Systems Under Fire From 'Yokai' Backdoor

Yet another day, yet another data leak tied to Cisco!

****SUMMARY:****

*   **Partial Data Leak**: Hackers leaked 2.9GB of Cisco’s data on _Breach Forums_ on December 16, 2024.

*   **Exposed Records**: The leaked data is part of a 4.5TB dataset that was allegedly left unprotected by Cisco in October 2024.

*   **Previous Incident**: IntelBroker previously claimed responsibility for accessing the exposed data and attempted to sell it, including sensitive information from companies like Verizon, AT&T, and Microsoft.

*   **Cisco’s Response**: Cisco previously denied any compromise of core systems, attributing the issue to a misconfigured public-facing DevHub resource.

*   **Proof of Legitimacy**: IntelBroker released this partial leak to demonstrate the validity of their claims and attract buyers for the remaining data.

**RIBridges Breach**: Hackers infiltrated Rhode Island’s health and benefits system, demanding ransom and threatening to leak sensitive data.

On Monday, December 16, 2024, hackers leaked what they referred to as “partial data” belonging to technology and cybersecurity giant Cisco. The leak occurred on the cybercrime and data breach platform Breach Forums, where IntelBroker, a notorious hacker and the forum’s owner, released 2.9 GB of data for download.

****Important Background****

The leaked data is part of the 4.5TB content that hackers claim was left exposed by Cisco without any password protection or security authentication, allowing them to download the entire dataset in October 2024.

Hackread.com exclusively reported on the incident on October 14, 2024, when IntelBroker attempted to sell the data, which allegedly included source codes, confidential documents, and credentials belonging to global firms like Verizon, AT&T, Microsoft, and others.

At the time, Cisco did not respond to Hackread.com but denied any compromise of their core systems, attributing the incident to a misconfigured public-facing DevHub resource. However, IntelBroker maintained they had access until October 18 and provided evidence to Hackread.com showing they exploited an exposed token for JFrog, a software supply chain platform, to access the exposed content.

****What’s in the Leaked Data?****

This time, IntelBroker has leaked a portion of the data in an attempt to prove its legitimacy to potential buyers. “Hopefully, this proves the legitimacy of the breach to others wanting to buy the full version,” the hacker stated.

The 2.9GB leak reportedly contains the following:

*   **Cisco ISE (Identity Services Engine)**: A security policy platform that provides secure network access control and identity management.

*   **Cisco SASE (Secure Access Service Edge)**: A cloud-delivered solution that combines networking and security functions for secure access from anywhere.

*   **Cisco Webex**: A collaboration platform offering video conferencing, messaging, and calling solutions for teams and businesses.

*   **Cisco Umbrella**: A cloud-based DNS security solution that protects users from threats by securing internet access and blocking malicious domains.

*   **Cisco IOS XE & XR**: Network operating systems used in Cisco routers and switches, enabling advanced networking, automation, and programmability.

*   **Cisco C9800-SW-iosxe-wlc.16.11.01**: A software-based Wireless LAN Controller (WLC) image that manages and controls wireless networks running on Cisco Catalyst 9800 Series platforms.

Here’s a screenshot from Breach Forums showing what the hackers have leaked and the claims they are making:

IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

****Intel Broker and Previous Breaches****

Intel Broker is known for high-profile data breaches. **In June 2024**, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

**In May 2024**, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **Staffing giant Robert Half**
*   **U.S. contractor Acuity Inc.**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Nevertheless, the partial leak goes on to show ongoing exploitation of misconfigured systems and exposed data. The scale of exploitation is evident, as even high-profile hackers like ShinyHunters and Nemesis **have targeted** misconfigured servers and S3 buckets.

While Cisco has yet to respond to this latest development, IntelBroker’s actions also show how such incidents can escalate into extortion attempts. Whether the remaining 4.5TB dataset will be sold, leaked, or resolved remains to be seen, but it’s a reminder for organizations to maintain their security practices and protect sensitive data.

1.  IntelBroker Claim Access to Nokia Internal Data, Selling for $20K
2.  Europol Hacked: IntelBroker Claims Major Law Enforcement Breach
3.  IntelBroker Space-Eyes Breach, Targeting US National Security Data
4.  IntelBroker Claims Breach of Top Cybersecurity Firm, Selling Access
5.  AMD Data Breach: IntelBroker Claims Theft of Employee, Product Info

Hackers Leak Partial Cisco Data from 4.5TB of Exposed Records

Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?

Source: 'Who is Danny' via Shutterstock

Artificial intelligence has come to the desktop.

Microsoft 365 Copilot, which debuted last year, is now widely available. Apple Intelligence just reached general beta availability for users of late-model Macs, iPhones, and iPads. And Google Gemini will reportedly soon be able to take actions through the Chrome browser under an in-development agent feature dubbed Project Jarvis.

The integration of large language models (LLMs) that sift through business information and provide automated scripting of actions — so-called "agentic" capabilities — holds massive promise for knowledge workers but also significant concerns for business leaders and chief information security officers (CISOs). Companies already suffer from significant issues with the oversharing of information and a failure to limit access permissions — 40% of firms delayed their rollout of Microsoft 365 Copilot by three months or more because of such security worries, according to a Gartner survey.

The broad range of capabilities offered by desktop AI systems, combined with the lack of rigorous information security at many businesses, poses a significant risk, says Jim Alkove, CEO of Oleria, an identity and access management platform for cloud services.

"It's the combinatorics here that actually should make everyone concerned," he says. "These categorical risks exist in the larger \[native language\] model-based technology, and when you combine them with the sort of runtime security risks that we've been dealing with — and information access and auditability risks — it ends up having a multiplicative effect on risk."

Related:Citizen Development Moves Too Fast for Its Own Good

Desktop AI will likely take off in 2025. Companies are already looking to rapidly adopt Microsoft 365 Copilot and other desktop AI technologies, but only 16% have pushed past initial pilot projects to roll out the technology to all workers, according to Gartner's "The State of Microsoft 365 Copilot: Survey Results." The overwhelming majority (60%) are still evaluating the technology in a pilot project, while a fifth of businesses haven't even reached that far and are still in the planning stage.

Most workers are looking forward to having a desktop AI system to assist them with daily tasks. Some 90% of respondents believe their users would fight to retain access to their AI assistant, and 89% agree that the technology has improved productivity, according to Gartner.

**Bringing Security to the AI Assistant**

Unfortunately, the technologies are black boxes in terms of their architecture and protections, and that means they lack trust. With a human personal assistant, companies can do background checks, limit their access to certain technologies, and audit their work — measures that have no analogous control with desktop AI systems at present, says Oleria's Alkove.

Related:Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn

AI assistants — whether they are on the desktop, on a mobile device, or in the cloud — will have far more access to information than they need, he says.

"If you think about how ill-equipped modern technology is to deal with the fact that my assistant should be able to do a certain set of electronic tasks on my behalf, but nothing else," Alkove says. "You can grant your assistant access to email and your calendar, but you cannot restrict your assistant from seeing certain emails and certain calendar events. They can see everything."

This ability to delegate tasks needs to become part of the security fabric of AI assistants, he says.

**Cyber-Risk: Social Engineering Both Users & AI**

Without such security design and controls, attacks will likely follow.

Earlier this year, a prompt injection attack scenario highlighted the risks to businesses. Security researcher Johann Rehberger found that an indirect prompt injection attack through email, a Word document, or a website could trick Microsoft 365 Copilot into taking on the role of a scammer, extracting personal information, and leaking it to an attacker. Rehberger initially notified Microsoft of the issue in January and provided the company with information throughout the year. It's unknown whether Microsoft has a comprehensive fix for the issue.

Related:Generative AI Security Tools Go Open Source

The ability to access the capabilities of an operating system or device will make desktop AI assistants another target for fraudsters who have been trying to get a user to take actions. Instead, they will now focus on getting an LLM to take actions, says Ben Kilger, CEO of Zenity, an AI agent security firm.

"An LLM gives them the ability to do things on your behalf without any specific consent or control," he says. "So many of these prompt injection attacks are trying to social engineer the system — trying to go around other controls that you have in your network without having to socially engineer a human."

**Visibility Into AI's Black Box**

Most companies lack visibility into and control of the security of AI technology in general. To adequately vet the technology, companies need to be able to examine what the AI system is doing, how employees are interacting with the technology, and what actions are being delegated to the AI, Kilger says.

"These are all things that the organization needs to control, not the agentic platform," he says. "You need to break it down and to actually look deeper into how those platforms actually being utilized, and how do people build and interact with those platforms."

The first step to evaluating the risk of Microsoft 365 Copilot, Google's purported Project Jarvis, Apple Intelligence, and other technologies is to gain this visibility and have the controls in place to limit an AI assistant's access on a granular level, says Oleria's Alkove.

Rather than a big bucket of data that a desktop AI system can always access, companies need to be able to control access by the eventual recipient of the data, their role, and the sensitivity of the information, he says.

"How do you grant access to portions of your information and portions of the actions that you would normally take as an individual, to that agent, and also only for a period of time?" Alkove asks. "You might only want the agent to take an action once, or you may only want them to do it for 24 hours, and so making sure that you have those kind of controls today is critical."

Microsoft, for its part, acknowledges the data-governance challenges, but argues that they are not new, just made more apparent due to AI’s arrival.

"AI is simply the latest call to action for enterprises to take proactive management of controls their unique, respective policies, industry compliance regulations, and risk tolerance should inform – such as determining which employee identities should have access to different types of files, workspaces, and other resources," a company spokesperson said in a statement.

The company pointed to its Microsoft Purview portal as a way that organizations can continuously manage identities, permission, and other controls. Using the portal, IT admins can help secure data for AI apps and proactively monitor AI use though a single management location, the company said. Google declined to comment about its forthcoming AI agent.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Does Desktop AI Come With a Side of Risk?

A list of topics we covered in the week of December 9 to December 15 of 2024

December 13, 2024 - Care1, a Canadian healthcare solutions provider left a cloud storage instance freely accessible and unencrypted for anyone to find.

December 12, 2024 - Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.

December 12, 2024 - Senators introduced a bill to stop data brokers from trading in health and location data and enable the FTC to enforce the new rules

December 10, 2024 - TikTok has requested an emergency injunction to stop or postpone the planned ban on the platform in the US.

December 9, 2024 - Authorities were able to intercept the Matrix messaging service’s traffic and monitor criminal activity for three months.

 A week in security (December 9 &#8211; December 15) 

A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network — meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves.

Source: Daniel Chetroni via Alamy Stock Photo

Researchers have demonstrated how to recreate a neural network using the electromagnetic (EM) signals emanating from the chip it runs on.

The method, called "TPUXtract," comes courtesy of North Carolina State University's Department of Electrical and Computer Engineering. Using many thousands of dollars worth of equipment and a novel technique called "online template-building," a team of four managed to infer the hyperparameters of a convolutional neural network (CNN) — the settings that define its structure and behavior — running on a Google Edge Tensor Processing Unit (TPU), with 99.91% accuracy.

Practically, TPUXtract enables a cyberattacker with no prior information to essentially steal an artificial intelligence (AI) model: They can recreate a model in its entirety and save the actual data it was trained on, for purposes of intellectual property (IP) theft or follow-on cyberattacks.

**How TPUXtract Works to Recreate AI Models**

The study was conducted on a Google Coral Dev Board, a single-board computer for machine learning (ML) on smaller devices: think edge, Internet of Things (IoT), medical equipment, automotive systems, etc. In particular, researchers paid attention to the board's Edge Tensor Processing Unit (TPU), the application-specific integrated circuit (ASIC) at the heart of the device that allows it to efficiently run complex ML tasks.

Any electronic device like this, as a byproduct of its operations, will emit EM radiation, the nature of which will be influenced by the computations it performs. Knowing this, the researchers conducted their experiments by placing an EM probe on top of the TPU — removing any obstructions like cooling fans — and centering it on the part of the chip emanating the strongest EM signals. Then they fed the machine input data and recorded the signals it leaked.

To begin to make sense of those signals, they first identified that before any data gets processed, a neural network quantizes — compresses — its input data. Only when the data is in a format suitable for the TPU does the EM signal from the chip shoot up, indicating that computations have begun.

At this point, the researchers could begin mapping the EM signature of the model. But trying to estimate all of the dozens or hundreds of compressed layers that comprise the network at the same time would have been effectively impossible.

Every layer in a neural network will have some combination of characteristics: It will perform a certain type of computation, have a certain number of nodes, etc. Importantly, "the property of the first layer affects the 'signature,' or the side-channel pattern of the second layer," notes Ashley Kurian, one of the researchers. Thus, trying to understand anything about the second, 10th, or 100th layer becomes increasingly impossible, as it rests on all of the properties of what came before it.

"So if there are 'N' layers, and there are 'K' numbers of combinations \[of hyperparameters\] for each layer, then computing cost would have been N raised to K," she explains. The researchers studied neural networks with 28 to 242 layers (N) and estimated that K — the total number of possible configurations for any given layer — equaled 5,528.

Instead of having to commit infinite computing power to the problem, they figured they could isolate and analyze each layer in turn.

To recreate each layer of a neural network, the researchers built "templates" — thousands of simulated combinations of hyperparameters, and read the signals they gave off when processing data. Then they compared those results to the signals emitted by the model they were trying to approximate. The closest simulation would be considered correct. Then, they applied the same process to the next layer.

"Within a day, we could completely recreate a neural network that took weeks or months of computation by the developers," Kurian reports.

**Stolen AIs Lead to IP, Cybercrime Risk to Companies**

Pulling off TPUXtract isn't trivial. Besides a wealth of technical know-how, the process also demands a variety of expensive and niche equipment.

The NCSU researchers used a Riscure EM probe station with a motorized XYZ table to scan the chip's surface, and a high sensitivity electromagnetic probe for capturing its weak radio signals. A Picoscope 6000E oscilloscope recorded the traces, Riscure's icWaves field-programmable gate array (FPGA) device aligned them in real-time, and the icWaves transceiver used bandpass filters and AM/FM demodulation to translate and filter out irrelevant signals.

As tricky and costly as it may be for an individual hacker, Kurian says, "It can be a competing company who wants to do this, \[and they could\] in a matter of a few days. For example, a competitor wants to develop \[a copy of\] ChatGPT without doing all of the work. This is something that they can do to save a lot of money."

Intellectual property theft, though, is just one potential reason anyone might want to steal an AI model. Malicious adversaries might also benefit from observing the knobs and dials controlling a popular AI model, so they can probe them for cybersecurity vulnerabilities.

And for the especially ambitious, the researchers also cited four studies that focused on stealing regular neural network parameters. Theoretically, those methods in combination with TPUXtract could be used to recreate the entirety of any AI model — parameters and hyperparameters in all.

To combat these risks, the researchers suggested that AI developers could introduce noise into the AI inference process using dummy operations, or running random operations concurrently, or confuse analysis by randomizing the sequence of layers during processing.

"During the training process," says Kurian, "developers will have to insert these layers, and the model should be trained to know that these noisy layers need not be considered."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

Statue of PrometheusSource: luminous via Alamy Stock Photo

Reseachers have discovered hundreds of thousands of servers running Prometheus open source monitoring software on the open Web are exposing passwords, tokens, and opportunities for denial of service (DoS) and remote code execution.

As a leader among open source observability tools, Prometheus is used widely by organizations to monitor the performance of their applications and cloud infrastructure. But it comes with a catch: As noted in its documentation, "It is presumed that untrusted users have access to the Prometheus HTTP endpoint and logs. They have access to all time series information contained in the database, plus a variety of operational/debugging information."

Apparently, a whole lot of users either aren't aware of the ways in which Prometheus is exposed by default, or don't realize the value of the data that's exposed along the way. Using Shodan, researchers from Aqua Nautilus discovered more than 40,000 exposed Prometheus servers, and more than 296,000 exposed "exporters," which the program uses to collect data from monitored endpoints. The researchers found sensitive data in those servers and exporters, and opportunities for "repojacking" and DoS attacks.

**What Prometheus Exposes**

On first impression, the data Prometheus collects might seem rather bland: application performance metrics, metrics associated with particular cloud tools, CPU, memory, and disk usage, for example.

"We think that it's only statistics — it's only information about the health of the system. That's the problem," says Assaf Morag, director of threat intelligence at Aqua Nautilus. Probing the data from the perspective of an attacker reveals all kinds of information that could lubricate cyberattacks.

"We noticed that we can actually see plaintext passwords and tokens, and API addresses of internal locations that should be kept hidden," Morag says. For example, he found one exposed and unauthenticated instance of Prometheus belonging to Skoda Auto, the Czech automobile manufacturer, which revealed some of the company's subdomains, and Docker registries and images.

Besides exposing secrets, open Web Prometheus servers and exporters also carry a risk of DoS. There's the '/debug/pprof' endpoint, for example, which helps users profile remote hosts, and is enabled by default by most Prometheus components. In their testing, the researchers demonstrated that they could overload the endpoint to disrupt communications or outright crash Amazon Web Services Elastic Compute Cloud (AWS EC2) instances or Kubernetes pods.

"The result was conclusive: We ended up stopping virtual machines each time we ran our script," Morag reports. To drive home the significance of such an attack scenario, he jokes, "I read somewhere that Kubernetes clusters run in fighter jets. I don't think that they are exposed to the Internet, but \[it goes to show\] we run Kubernetes in lots of places today."

**Repojacking Opportunities in Prometheus**

Users can protect their Prometheus servers and exporters by taking them offline, or at least adding a layer of authentication to keep out prying eyes. And, of course, there are tools designed to mitigate DoS risks.

Less easily solved is a third issue in the platform: Several of its exporters were found vulnerable to repojacking attacks.

The opportunity for repojacking can occur whenever a developer changes or deletes their account on GitHub and doesn't perform a namespace retirement. Simply, an attacker registers the developer's old username, then plants malware under the same title as the developer's old, legitimate projects. Then any projects that reference this repository but aren't updated with the correct redirect link can end up ingesting the malicious copycat.

Prometheus' official documentation referenced several exporters associated with freely claimable usernames, meaning that any attacker could have stepped in and taken advantage to perform remote code execution. Aqua Nautilus reported the issue to Prometheus, and it has since been addressed.

Repojacking opportunities are likely far more widespread than is realized, Morag emphasizes, so organizations need to be monitoring any discrepancies between the projects they rely on and the links they follow to access them. "It's not that difficult," he says. "But if you're doing it for millions of open source projects, that's where the problem starts. If you use an automated \[scanning tool\], you could be safe."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows.

Source: Vicky Barlow via Alamy Stock Photo

NEWS BRIEF

A surveillance tool named EagleMeSpy, developed by a Chinese software company for legal use by the country's public security bureaus, has been scraping the most sensitive data from targeted Android devices since at least 2017.

Researchers at Lookout warn that the EagleMeSpy spyware has been under constant development, and while at the moment they have only seen evidence of an Android version, analysis of the tool's infrastructure indicates a potential Apple iOS version is out there somewhere as well.

Unlike other commercial spyware products, EagleMeSpy requires physical access to the targeted device to deploy the tool, the Lookout team found. The researchers reported they found no evidence of the spyware in Google Play or any other app stores, leading them to conclude Chinese law enforcement officials are the only ones initiating the surveillance software infection.

"An installer component, which would presumably be operated by law enforcement officers who gained access to the unlocked device, is responsible for delivering a headless surveillance module that remains on the device and collects extensive sensitive data," the Lookout report read.

Once installed, EagleMsgSpy gathers everything it can, including chat and text messages, screen and audio recordings, call logs, contacts, location data, and network activity, Lookout said. Additional evidence shows the vendor behind the spyware has multiple clients.

"Lookout researchers have observed an evolution in the sophistication of the use of obfuscation and storage of encrypted keys over time," the report warned. "This indicates that this surveillanceware is an actively maintained product whose creators make continuous efforts to protect it from discovery and analysis."

**About the Author**

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Chinese Cops Caught Using Android Spyware to Track Mobile Devices

The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn't enforced them. It's unclear if they will help.

In the wake of a widespread telecommunications breach at the hands of China, a US senator is proposing legislation aimed at enforcing cybersecurity standards across the communications industry — but it's unclear how efficacious they could be.

Salt Typhoon (aka Earth Estries, FamousSparrow, GhostEmperor, UNC2286) recently overtook Volt Typhoon as China's threat actor du jour, thanks to a year-plus campaign of cyber espionage against at least eight telcos, including AT&T, Verizon, and T-Mobile. Its winnings were remarkable: Not only did the group manage to steal extensive metadata on calls and text messages between ordinary Americans, but they also reportedly accessed and even recorded calls involving high-ranking government officials. Reports from the same time highlighted breaches of both the Trump and Harris campaigns and the Biden administration. They're also active globally.

In the wake of that national security failure, Sen. Ron Wyden (D-Ore.) on Dec. 10 released draft legislation aimed at securing US phone networks. The "Secure American Communications Act" would require the Federal Communications Commission (FCC) to issue new cybersecurity rules for telcos and enforce those that have already been applied based on older legislation.

Related:Lessons From the Largest Software Supply Chain Incidents

"Sen. Wyden deserves credit for putting critical infrastructure security in the spotlight," says Madison Horn, former congressional candidate for Oklahoma's 5th district. She suggests, however, that the proposal is less revolutionary than rhetorical. "His push for stronger cybersecurity standards is important, but let's be clear — most of what he's calling for already exists."

**Has the FCC Been Negligent in Enforcing Telco Security?**

In a press release, Wyden's staff framed his bill not as a major change to the telecommunications industry, but a wake-up call — "to fix \[the FCC's\] own failure to fully implement telecom security requirements already required by federal law."

At issue is Title I, Section 105 of the Communications Assistance for Law Enforcement Act (CALEA), which:

Requires a carrier to ensure that any interception of communications or \[call-identifying information\] access effected within its switching premises can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of a carrier officer or employee acting in accordance with Federal Communications Commission (FCC) regulations.

Wyden's camp argues that this proposition, formulated without specific regard for cyber systems, "required providers to secure their systems from unauthorized interceptions, and gave the FCC the authority to issue regulations to implement this requirement," adding that "in the years since, the FCC has never fully implemented this provision."

Related:Google Launches Open Source Patch Validation Tool

FCC Chairwoman Jessica Rosenworcel agreed, in a draft Declaratory Ruling shared with her fellow commissioners last week. And besides affirming that interpretation of Section 105, Rosenworcel floated a proposal requiring communications services providers (CSPs) to submit annual reports, "attesting that they have created, updated, and implemented a cybersecurity risk management plan, which would strengthen communications from future cyberattacks." Unlike the newly drafted bill in the Senate, this ruling would take effect immediately if it were adopted.

**What Wyden's Telco Security Bill Misses**

The Secure American Communications Act, similarly, proposes that CSPs conduct, document, and report annual vulnerability testing, and engage with independent auditors for annual assessments of FCC cybersecurity compliance. Above all, the bill proposes that the FCC enforce the spirit of Section 105 by implementing cybersecurity requirements aimed at blocking unauthorized access to these networks.

Related:Large-Scale Incidents & the Art of Vulnerability Prioritization

Are these the steps necessary to prevent the next Salt Typhoon-style attack against American communications?

In Horn's view, "The problem isn’t a lack of rules. Telcos are required to follow FCC rules, NIST standards, and ISO 27001 protocols. They conduct annual cybersecurity certifications, report breaches to multiple agencies — with CISA being a prime example — and manage supply chain risks. The efforts to secure supply chains, especially after Huawei’s impact, have already led to significant regulatory action."

Instead of a lack of rules and regulations, she argues, "It's largely a resources and scaling problem. We’re talking about a US telecommunications network that spans 800,000 miles of fiber-optic cables and 113,000 miles of long-haul fiber routes, not to mention undersea cables and satellite links. Every mile of that network introduces new endpoints and attack surfaces. The real challenge is ensuring the frameworks we already have can be implemented faster, more effectively, and at this monumental scale."

Bulky legacy systems ill-equipped to adapt to new cybersecurity guidelines, insufficient funding for cybersecurity projects, and an insufficient pool of cybersecurity talent nationwide aren't problems that can be fixed with any wave of a pen, either.

"Our adversaries are operating at the speed of war, while we’re moving at the speed of paperwork," she laments. "Attacks like Salt Typhoon don’t succeed because our policies failed — they succeed because our capacity to act didn’t keep pace with the threat."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Tag

#apple