Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy.
The development was first reported by news agency Reuters.
The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the

Artificial Intelligence / Data Protection

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy.

The development was first reported by news agency Reuters.

The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the agency's concerns over its use of GenAI technology.

Earlier this month, ANPD halted with immediate effect the social media giant's new privacy policy that granted the company access to users' personal data to train its GenAI systems.

The decision stems from "the imminent risk of serious and irreparable damage or difficult-to-repair damage to the fundamental rights of the affected data subjects," the agency said.

It further set a daily fine of 50,000 reais (about $9,100 as of July 18) in case of non-compliance. Last week, it gave Meta "five more days to prove compliance with the decision."

In response, Meta said it was "disappointed" by ANPD's decision and that the move constitutes "a step backwards for innovation, competition in AI development and further delays bringing the benefits of AI to people in Brazil."

The use of personal data to train AI systems without their express consent or knowledge has raised privacy concerns, forcing U.S.-based tech giants to pause the rollout of their tools in regions with stricter data privacy laws, such as the European Union.

The Human Rights Watch reported in June how personal photos of Brazilian children have found their way to image caption datasets like LAION-5B, exposing them to further exploitation and harm through the facilitation of malicious deepfakes.

Apple, which announced a new AI system called Apple Intelligence last month, has said it won't be bringing the features to Europe this year due to the prevailing regulatory concerns arising from the Digital Markets Act (DMA).

"We are concerned that the interoperability requirements of the DMA could force us to compromise the integrity of our products in ways that risk user privacy and data security," Apple was quoted as saying to The Wall Street Journal.

Meta has since confirmed to Axios that it will also be withholding its upcoming multimodal AI models from customers in the region because of the "unpredictable nature of the European regulatory environment."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

The group — which has targeted Israel, Saudi Arabia, and other nations — often uses spear-phishing and legitimate remote management tools but is developing a brand-new homegrown tool set.

Source: Muhammad Toqeer via Shutterstock

Iranian cyber-espionage group MuddyWater is pivoting from controlling infected systems with legitimate remote-management software to instead dropping a custom-made backdoor implant.

As recently as April, the group infected systems by targeting Internet-exposed servers or through spear phishing, ending with the installation of the SimpleHelp or Atera remote management platforms, security-operations provider Sekoia said in an advisory. Yet, in June, the group switched to a different attack chain: sending out a malicious PDF file with an embedded link leading to a file on stored on the Egnyte service, which installs the new backdoor, dubbed MuddyRot by Sekoia.

Check Point Software noted the shift to the new tool as well. MuddyWater has been using the backdoor implant, which the firm calls BugSleep, since May, and has quickly been improving it with new features and bug fixes, says Sergey Shykevich, threat intelligence group manager at Check Point Software.

Often, they also introduce new bugs into the malware, however. "They likely realized that their tactic of utilizing remote management tools as a backdoor was not effective enough and decided to swiftly transition to homemade malware," Shykevich says. "Probably due to pressure for a rapid change, they released an incomplete version."

Iran has become a significant cyber-threat actor in the Middle East. Since at least 2018, the MuddyWater threat group has targeted a variety of government agencies and critical industries with malicious attacks, stated a 2022 advisory published jointly by US and UK government agencies. The MuddyWater group is part of the Iranian Ministry of Intelligence and Security (MOIS), with other cybersecurity firms referring to the group as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, according to the joint advisory.

**An Attack Tool Under Construction**

The BugSleep backdoor uses typical anti-analysis tactics, such as delaying execution — that is, going to "sleep" — to avoid being detected or running in a sandbox. The backdoor also employs encryption, but in many instances the encryption was not properly executed.

The encryption issues are not the only bugs in the code. In other samples, the program creates a file — "a.txt" — and then later deletes it, apparently for no reason. These issues, plus the frequent updates, suggests the code is still under development, stated Check Point Software's advisory.

MuddyWater previously had created its own backdoor programs, such as one called Powerstats, written in PowerShell, but later shifted to using remote management (RMM) software, Sekoia's advisory noted.

"We don’t yet know why MuddyWater operators have reverted to using a homemade implant for their first infection stage in at least one campaign," the advisory stated. "It is likely that the increased monitoring of RMM tools by security vendors, following their rise in abuse by malicious threat actors, has influenced this change."

The use of a file sharing service such as Egnyte to host malicious documents has become more popular among attackers. The trial period is often sufficient enough time to give the attackers a platform to use during an attack, Check Point Software's Shykevich says.

"Numerous file-sharing platforms are utilized by attackers within their infection chains," he says. "In theory, emulating and scanning the uploaded files can reduce the malicious use, but it is quite complicated from operational and cost perspectives for the file-sharing services operators."

**"Umbrella of APTs" in the Middle East**

The lures used in the group's phishing campaigns have become simpler — focusing on "generic themes such as webinars and online course," which allows them to send out a higher volume of attacks, Check Point Software's advisory stated.

"Their sophistication level is medium, but they are a highly persistent and aggressive group from the standpoint of phishing campaigns and targeting of specific sectors or organizations," Shykevich says. "They send hundreds of malicious emails to multiple recipients in the same organization or the same sector, also doing it across different days."

MuddyWater may not be a single group, however. In 2022, Cisco's threat intelligence group, Talos, described them as an "umbrella of APT groups." The US Cybersecurity and Infrastructure Security Agency (CISA) describes the group as "a group of Iranian government-sponsored advanced persistent threat (APT) actors," in its advisory.

The group employs "spearphishing, exploiting publicly known vulnerabilities, and leveraging multiple open-source tools to gain access to sensitive government and commercial networks," CISA stated, adding, "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors."

While the group focuses on attacking organizations in Israel and Saudi Arabia, they have also hit other nations, including India, Jordan, Portugal, Turkey, and even Azerjaiban, the advisories said.

**About the Author(s)**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Iranian Cyber-Threat Group Drops New Backdoor, 'BugSleep'

The tactic is not new, but there has been a steady increase in its use as of this spring.

Source: Chim via Shutterstock

Secure email gateways (SEG) do a lot to protect organizations from malware, spam, and phishing email. For some threat actors though, they also offer an attractive option for sneaking malicious mail past other SEGs.

Security researchers from Cofense this week reported observing a recent surge in attacks, where threat actors have used SEGs to encode or to rewrite malicious URLs embedded in their emails to potential victims. In many cases, when the emails arrived at their destination, SEGs allowed the malicious URLs to go through without properly vetting the link.

**The SEG Versus SEG Threat**

The reason, says Max Gannon, threat intelligence manager at Cofense, is that some secure email gateway products appear not to be handling SEG-encoded URLs properly and assume them to be always safe, when in reality they are not.

"We do not have access to the internals of SEGs, so I can't say for certain," Gannon says. "But they likely either implicitly trust the URLs or they attempt to scan them, but the domain of the SEG that encodes the URL is trusted, so the \[receiving\] SEG assumes the URL itself is legitimate."

In SEG encoding, a secure email gateway product essentially rewrites every URL in an outgoing email into a link that points to its own infrastructure. When a recipient clicks on the encoded link, the user is first directed to the sender's SEG system, which checks if the URL is safe before redirecting the user to the intended destination. The checks usually involve assessing the URL using reputation, blacklists, signatures, and other mechanisms, which means sometimes it might take an SEG days and even weeks before it designates a URL as malicious.

In these situations, problems can arise if the recipient's secure email gateway technology does not recognize an already encoded URL as needing scanning, or if the recipient's SEG scans the URL, but only sees the sending email gateway's domain and not the final destination.

"Oftentimes when SEGs detect URLs in emails that are already SEG-encoded they do not scan the URLs, or the scanning shows only the security tool's scanning page and not the actual destination," Cofense wrote in its report this week. "As a result, when an email already has SEG-encoded URLs, the recipient's SEG often allows the email through without properly checking the embedded URLs."

**A Substantial Increase**

Attackers have abused SEG encoding previously to sneak malicious emails into target environments. But there has been a substantial increase in use of the tactic in the second quarter of this year, May in particular. Cofense said.

According to the security vendor, the four email security gateways that threat actors have abused the most to encode URLs and sneak them past email defense mechanisms are VIPRE Email Security, Bitdefender LinkScan, Hornet Security Advanced Threat Protection URL Rewriting, and Barracuda Email Gateway Defense Link Protection.

Cofense said its researchers had observed attackers using these SEGs to encode malicious URLs in variously themed campaigns targeted at users protected by SEGs from a variety of vendors.

Gannon says some SEG encodings would require the threat actor to run their URL through the SEG. "Other encodings like Barracuda Link Protect would let you simply prepend their URL to the malicious URL you are trying to bypass with," he says. "For example, to use Barracuda Link Protect to bypass SEGs with the URL hxxp\[:\]//badplace\[.\]com/, I would simply add the Barracuda Link Protect URL and make it: hxxps://linkprotect\[.\]cudasvc\[.\]com/url?a=hxxp\[:\]//badplace\[.\]com/."

Gannon says one reason why threat actors likely aren't using the tactic on a much broader scale is because it involves additional work. "The biggest thing it comes down to is effort," he says. If a threat actor can take an hour to encode all the URLs in a campaign and reach 500 more inboxes, they could take the same hour and just find an additional 1,000 email addresses to send the campaign to."

Protecting against the tactic can be relatively difficult, as most SEGs don't have tuning methods for ignoring other SEG encodings, Gannon says. Therefore, the best way to combat the tactic remains user awareness and training. "A vigilant and informed employee is not going to click a link in a suspect email, even if the URL is encoded by a SEG."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Threat Actors Ramp Up Use of Encoded URLs to Bypass Secure Email

PRESS RELEASE

REDWOOD SHORES, Calif., July 16, 2024 /PRNewswire/ -- Tumeryk Inc., a leader in AI security solutions, proudly announces the launch of the Tumeryk AI Security Studio to enable organizations to simulate and enhance generative AI (gen AI) security. The large language model (LLM) vulnerability scanner can be run by security professionals against their gen AI API inference endpoints. The Tumeryk LLM Safety Report generated allows enterprises to discover potential gen AI risks and protect against them by building security policies in the Tumeryk Gen AI Firewall. The Gen AI Firewall is built using NVIDIA NeMo Guardrails and other state-of-the-art tools and research.

Tumeryk is also hosting a free webinar - Generative AI Security and Risk Mitigation - featuring Rohit Valia, CEO and founder of Tumeryk, and Christopher Parisien, senior manager of applied research at NVIDIA, to share how organizations can leverage Tumeryk's technologies to safely deploy gen AI-based applications into production. Sign up for the webinar enables access to the free gen AI LLM vulnerability scanner service and the Tumeryk Gen AI Security Studio.

"By making the gen AI LLM vulnerability scanner service available for free, Tumeryk is allowing organizations to get an understanding of their risk profile while using these innovative technologies and ensuring that they stay secure and compliant," said Valia. "Artificial intelligence, particularly Gen AI, holds immense transformative potential – and demand for the best security tools." 

"Gen AI presents a powerful opportunity for innovation, and organizations must approach implementations with safety in mind, especially for regulated industries. As CISOs, we need to adapt our security capabilities and operations to be inclusive of Gen AI solutions," said Puneet Thapliyal, ex-CISO at Hippocratic.ai. "Tumeryk provides the tools for enterprises to enhance gen AI security."

The Gen AI Security Studio is designed for security analysts, providing a comprehensive platform to scan LLMs and build and test gen AI Firewall policies. This proactive approach helps identify vulnerabilities and strengthens AI defenses prior to deployment. 

The Gen AI Firewall enables centralized controls over gen AI access. Security and governance teams can collaborate with developers to build sophisticated guardrails using the Gen AI Security Studio and deploy them to the Gen AI Firewall. Utilizing NVIDIA NeMo Guardrails, the Gen AI Firewall leverages heuristics to block jailbreak attempts, score hallucinations, moderate content, and orchestrate dialogs. It enables the creation of virtual silos for LLMs using role-based access control (RBAC) and enhances security through an API key vault. This firewall is crucial for maintaining the integrity and reliability of AI systems by helping ensure interactions remain within predefined security parameters.

The AI Security Monitoring Dashboard offers a single pane of glass for monitoring LLMs across cloud providers. This allows operations teams to monitor the performance of gen AI applications and review comprehensive logs and alerts to ensure any deviations from expected behavior are promptly addressed. 

The free LLM scanner and Gen AI Security Studio can be accessed from the AWS Marketplace or https://tumeryk.com/, providing easy access for organizations looking to enhance their AI security posture. Tumeryk AI solutions represent a significant advancement in AI security, offering a holistic approach to managing the complexities of gen AI. As AI continues to integrate deeper into business operations, Tumeryk Inc. remains at the forefront of ensuring these systems are secure, reliable, and aligned with organizational policies.

About Tumeryk Inc.

Tumeryk Inc. is a pioneering company in AI security solutions, dedicated to developing innovative technologies that safeguard AI systems. With a focus on proactive risk management and comprehensive protection strategies, Tumeryk Inc. enables organizations to deploy AI with confidence and integrity.

You May Also Like

Tumeryk Inc. Launches With Free Gen AI LLM Vulnerability Scanner

Red Hat Security Advisory 2024-4575-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4575.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: linux-firmware security update  
Advisory ID:        RHSA-2024:4575-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4575  
Issue date:         2024-07-16  
Revision:           03  
CVE Names:          CVE-2022-27635  
====================================================================

Summary: 

An update for linux-firmware is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635)

* hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-40964)

* hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329)

* hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine memory integrity problem (CVE-2023-20592)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-27635

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2238960  
https://bugzilla.redhat.com/show_bug.cgi?id=2238961  
https://bugzilla.redhat.com/show_bug.cgi?id=2238962  
https://bugzilla.redhat.com/show_bug.cgi?id=2244590

Red Hat Security Advisory 2024-4575-03

Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems.

Source: imageBROKER.com GmbH & Co. KG via Alamy Stock Photo

COMMENTARY

Threat actors just pulled off one of the largest data breaches of 2024, and they didn't even have to hack into the company's environment. Their goal? To steal data from cloud storage systems and extort victims for financial gain. 

The campaign against Snowflake customers wasn't the result of novel or sophisticated tactics, techniques, or procedures (TTPs). Rather, the threat actors behind the campaign bought or found exposed, legitimate credentials already available and used them to log in. For accounts without multifactor authentication (MFA), this is all it takes. The ongoing Snowflake campaign presents another compelling use case for credential management and a warning about the dangers of infostealers and stolen credentials.

In late May 2024, a financially motivated threat actor, tracked as UNC5537, began advertising data from Ticketmaster and Santander for sale in a cybercrime forum, claiming they had breached the cloud data warehousing platform Snowflake.

Snowflake's and Mandiant's analysis identified that individual customer accounts were breached using stolen customer credentials. According to Mandiant, the threat actor may have been able to access roughly 165 companies' accounts using these exposed credentials. 

**Key Takeaways**

A few key takeaways:

1.  The affected accounts weren't configured with MFA. Successful authentication required only a valid username and password, which allowed the threat actors easy access to targeted accounts. 
    
2.  Analysis showed some of the credentials identified in infostealer malware output had been for sale on the Dark Web for years and were still valid, which means those credentials hadn't been rotated or updated. Infostealers are a type of malware designed to steal sensitive information from infected devices, which can lead to unauthorized access and data theft. In the case of the Snowflake attacks, infostealers captured login credentials of Snowflake's customer's users through infected devices, allowing attackers to access customer accounts and data stored on the platform. Additionally, an infostealer could exfiltrate sensitive customer information, including personal data, financial records, and business intelligence. 
    
3.  The compromised Snowflake instances didn't have network allow lists. Allow listing involves compiling a list of sanctioned entities, such as IP addresses, domains, and applications. Only entities on this designated list are granted access to a specific resource or can perform specific actions. This approach helps enhance security by reducing the attack surface and limiting access to trusted, verified entities. 
    

Given the high-profile success of this campaign and the depth and breadth of data typically available in cloud storage providers, we can expect to see an increase in similar credential-stuffing efforts. Now is the time to verify your related security controls (such as password policies) are as secure as can be to avoid potential exposures. 

**How to Boost Defenses**

How can you boost your defenses against these types of attacks? 

*   Enable MFA. MFA is a straightforward, yet highly effective measure that can substantially improve an organization's security posture and resilience. Credentials can be stolen through phishing or malware such as infostealers. However, MFA adds an extra layer of security by requiring more than just a password to access an account, making it harder for attacks to gain unauthorized access. 
    
*   Manage your credentials. To the best of your organization's ability, monitor the Dark Web for exposed credentials. This may be via a vendor, credit monitoring, or other avenues. If you receive notification that your personal information has been compromised, it's important to act as soon as possible to evaluate the risk and determine appropriate next steps — including potentially changing a password. 
    
*   Monitor for cyber campaigns targeting your vendors. Establish monitoring via open-source reporting or other means to get early warnings on cyberattack campaigns that may be targeting your critical service providers. Use the advance notice to change credentials and confirm policy compliance in your connections to the affected company.
    

The recent Snowflake account attacks underscore the critical importance of robust credential management and MFA in safeguarding cloud storage systems. As the frequency and scale of credential-based attacks are likely to rise, now is the time for organizations to fortify their defenses and ensure that their security practices are resilient against evolving threats.

**About the Author(s)**

Cyber Threat Intelligence Analyst, LastPass

Stephanie Schneider is passionate about raising awareness of cybersecurity challenges, blending strategic analysis with a deep understanding of how geopolitical trends influence current threats. In her current role as cyber threat intelligence analyst at LastPass, she tackles emerging threats, provides crucial intelligence insights, and monitors significant events in the cybersecurity landscape. Prior to joining LastPass, Stephanie served as vice president, cyber threat intelligence nation-state lead at Bank of America, where she specialized in defending against nation-state and criminal cyber threats. A graduate of George Washington University’s Elliott School of International Affairs (MA) and St. Edward’s University (BA), Stephanie currently lives in Washington, DC.

Snowflake Account Attacks Driven by Exposed Legitimate Credentials

An AI consortium consisting of top tech companies will release a toolkit later this year for measuring the safety of generative AI models.

Source: Tanit Boonruen via Alamy Stock Photo

MLCommons — an AI consortium that boasts Google, Microsoft, and Meta as members — has announced its AI Safety benchmark will run stress tests to see whether large language models (LLMs) are spewing out unsafe responses. The benchmarked LLMs will then get a safety rating so customers understand the risk involved in the LLMs of their choice.

The benchmarks are the "last wall against harm … that will catch bad things that come out of \[artificial intelligence systems\]," says Kurt Bollacker, director of engineering at MLCommons.

The AI Safety suite will feed text questions — also called prompts — to the LLMs to elicit hazardous responses related to hate speech, exploitation, child abuse, and sex crimes. The responses are then rated as safe or unsafe.

The benchmarks will also identify problematic responses associated with intellectual property violations and defamation. AI vendors could run these benchmarks before releasing LLMs and also submit them to MLCommons to get rated for safety, which will be visible to the public.

In addition, companies, governments, and nonprofits can use the benchmarks as a test kit to identify weaknesses in AI systems and provide feedback to make changes in LLMs, Bollacker says.

"AI safety — everybody cares about that," Bollacker says. "The goal here is not to call out unsafe models, but to provide the process that makes the \[LLM\] safer."

MLCommons gained fame from the MLPerf benchmark, which has become a standard to measure AI performance on hardware. The independent entity is also developing measurement tools for AI in areas that include healthcare, science, and safety.

Safety of AI systems is already a widespread concern. A session at Black Hat next month will explore the topic of AI safety and why security professionals need to take it seriously.

The US government is urging the private sector to take a security-first approach in AI development; it has issued an executive order mapping out responsible AI development and use within federal agencies.

"AI systems offer the potential for substantial benefits to society, but they are not without risks, such as toxicity, misinformation, and bias. As with other complex technologies, society needs industry-standard safety testing to realize the benefits while minimizing the risks," said MLCommons spokeswoman Kelly Berschauer, in an email.

The AI Safety benchmark was initially announced last year. A proof-of-concept model (version 0.5) was released in April. The goal is to ship a stable version 1.0 by October 31.

The benchmark includes adversarial prompts, with the aim to break the safety of a model. Questions like, "How can I build a bomb?" may be deflected, but users may try workarounds, such as refocusing the topic on bomb building as being part of a movie script.

The AI Safety version 0.5 benchmark tested anonymized LLMs that returned various ratings. MLCommons ran 27,250 prompts related to topics of hate on one LLM, which was rated "ML" (moderate-low). About 2,300 prompts on the indiscriminate weapons topics generated a "L" (low) rating, which means the topic was less risky with that specific LLM. Other rating categories also include "H" (high), and "M" (moderate), and "MH" (moderate high).

Some answers are considered more hazardous than others — for example, something on child safety requires stricter grading compared to racist speech.

The initial benchmark will grade the safety of chatbot-style LLMs, and that may expand to image and video generation. But that’s still far out.

"We've already started wrapping our brains around different kinds of media that can be dangerous and what are the kinds of tests that we want to form," Bollacker says.

MLCommons is in a rush to put out its AI Safety benchmarks. But the group has a lot of work ahead to keep up with the fast pace of change in AI, says Jim McGregor, principal analyst at Tirias Research.

Researchers have found ways to poison AI models by feeding bad data or by introducing malicious models on sites like Hugging Face.

"Keeping up with safety in AI is like chasing after a car on your feet," McGregor says.

**About the Author(s)**

Agam Shah has covered enterprise IT for more than a decade. Outside of machine learning, hardware, and chips, he's also interested in martial arts and Russia.

AI Consortium Plans Toolkit to Rate AI Model Safety

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks,

Insider Threats / Cybersecurity

Attacks on your network are often meticulously planned operations launched by sophisticated threats. Sometimes your technical fortifications provide a formidable challenge, and the attack requires assistance from the inside to succeed. For example, in 2022, the FBI issued a warning1 that SIM swap attacks are growing: gain control of the phone and earn a gateway to email, bank accounts, stocks, bitcoins, identity credentials, and passwords. This past spring, current and former T-Mobile and Verizon employees reported receiving unsolicited text messages asking if they would be interested in some side cash2 in exchange for intentionally enabling the "_SIM jacking."_

These headline-grabbing stories about the malicious insider are certainly real, but many external attacks stem from a much less conspicuous source: **the accidental insider**. These are career employees, contractors, partners, or even temporary seasonal workers who, through negligence or lack of awareness, enable the exploitation of internal weaknesses.

**Accidental insiders unintentionally compromise security due to:**

*   Lack of Awareness: Employees unfamiliar with cybersecurity best practices may fall victim to phishing campaigns, open malware-infected attachments, or click links to malicious sites. Awareness is tied to company culture and reflects the effectiveness of nontechnical controls, especially leadership.
*   Pressure to Perform: Your employees learn how and when to "bend" the rules or circumvent technical controls to get the job done or to meet a demanding deadline.
*   Poor Credential Handling: Weak passwords, password sharing, and password reuse across personal and business accounts make it easier for attackers to gain unauthorized access.
*   Sneakernets: Unauthorized and uncontrolled movement of data across security domains and to personal removable media or public cloud services.

**By unwittingly compromising security best practices, accidental insiders pave the way for external attacks in several ways:**

*   Initial Attack: Phishing emails can trick unwitting insiders into revealing network or application credentials, allowing attackers to gain access to internal systems. This initial attack vector becomes the foundation for future attacks.
*   Elevated Privileges: Accidental download of malware by an insider can grant attackers elevated privileges, allowing them to tamper with critical systems or steal large amounts of data.
*   Lateral Movement: Once inside, attackers will leverage the insider's access privileges to move laterally across the network, accessing sensitive data and applications or deploying malware to other systems.
*   Social Engineering: Social engineering tactics exploit human trust. Attackers can impersonate managers and colleagues to manipulate insiders into divulging sensitive information or exercising their privileges to the benefit of the external threat.

**The consequences of an accidental insider-facilitated attacks can be significant:**

*   Financial Losses: Data losses resulting from insider negligence and ambivalence leads to hefty fines, legal repercussions, and the cost of remediation.
*   Reputational Damage: Public disclosure of an insider event can severely damage the organization's reputation, leading to lost business and erosion of customer trust.
*   Operational Disruption: Attacks can disrupt business operations, leading to downtime, lost productivity, and hindered revenue generation.
*   Intellectual Property Theft: Foreign states and competitors may use stolen intellectual property to gain an unfair market advantage.

**The good news is that the risk posed by accidental insiders can be significantly reduced through proactive measures:**

*   Security Awareness Training: Regularly educate employees on cybersecurity best practices, including phishing awareness, password hygiene, and secure data handling techniques.
*   Culture of Security: Foster a culture of security within the organization where employees feel comfortable reporting suspicious activity and where managers are educated and empowered to leverage internal resources to address security concerns.
*   User Activity Monitoring (UAM): Monitor for compliance with acceptable use policies and increase the observation of privileged users with elevated access and the ability to manipulate security controls. Add behavioral analytics to examine UAM and other enterprise data to help analysts identify the riskiest users and organizational issues, such as hostile work environments revealed through sentiment analysis. Hostile work environments reduce employee engagement and increase disgruntlement, a dangerous recipe for insider risk.
*   Content Disarm and Reconstruction (CDR): Proactively defend against known and unknown threats contained in files and documents by extracting legitimate business content and discarding untrusted content, including malware and untrusted executable content.
*   Cross Domain Solutions: Eliminate sneaker nets and unauthorized cloud service usage and replace these practices with automated policy-driven deep inspection of content in an unencumbered user experience. Enable your employees to safely, securely, and quickly move data across security domains that enable business processes while protecting data and information systems.
*   Institutionalize Accepted Best Practices: Carnegie Mellon SEI CERT, MITRE, the NITTF, and CISA are examples of some of the organizations that have published best practices that incorporate organizational controls across leadership, human resources, and other elements affecting the employee lifecycle and coherent technical controls that act as guardrails protecting against accidental and malicious insiders.

Accidental insiders pose a significant threat that can leave organizations vulnerable to external attacks. However, by implementing proper training, technical and organizational controls, and fostering a security-conscious culture, organizations can significantly **reduce the risk.**

Defend against risks posed by trusted insiders with Everfox Insider Risk Solutions.

_**Note:** This article is written by Dan Velez, Sr. Manager of Insider Risk Services at Everfox, with over 16 years of experience in insider risk and threat at Raytheon, Amazon, Forcepoint, and Everfox._

1.  https://www.ic3.gov/Media/Y2022/PSA220208
2.  https://www.bloomberg.com/news/newsletters/2024-04-19/t-mobile-verizon-find-cracking-down-on-sim-card-scams-is-hard-to-do

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Navigating Insider Risks: Are your Employees Enabling External Threats?

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT.
The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week.
"The first campaign on June 24, 2024 used an Office document, while the second

Cyber Espionage / Threat Intelligence

A China-linked threat actor called **APT17** has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT.

The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week.

"The first campaign on June 24, 2024 used an Office document, while the second campaign contained a link," the company noted. "Both campaigns invited the victim to install a Skype for Business package from a link of an Italian government-like domain to convey a variant of 9002 RAT."

APT17 was first documented by Google-owned Mandiant (then FireEye) in 2013 as part of cyber espionage operations called DeputyDog and Ephemeral Hydra that leveraged zero-day flaws in Microsoft's Internet Explorer to breach targets of interest.

It's also known by the monikers Aurora Panda, Bronze Keystone, Dogfish, Elderwood, Helium, Hidden Lynx, and TEMP.Avengers, not to mention shares some level of tooling overlap with another threat actor dubbed Webworm.

9002 RAT, aka Hydraq and McRAT, achieved notoriety as the cyber weapon of choice in Operation Aurora that singled out Google and other large companies in 2009. It was also subsequently put to use in another 2013 campaign named Sunshop in which the attackers injected malicious redirects into several websites.

The latest attack chains entail the use of spear-phishing lures to trick recipients into clicking on a link that urges them to download an MSI installer for Skype for Business ("SkypeMeeting.msi").

Launching the MSI package triggers the execution of a Java archive (JAR) file via a Visual Basic Script (VBS), while also installing the legitimate chat software on the Windows system. The Java application, in turn, decrypts and executes the shellcode responsible for launching 9002 RAT.

A modular trojan, 9002 RAT comes with features to monitor network traffic, capture screenshots, enumerate files, manage processes, and run additional commands received from a remote server to facilitate network discovery, among others.

"The malware appears to be constantly updated with diskless variants as well," TG Soft said. "It is composed of various modules that are activated as needed by the cyber actor so as to reduce the possibility of interception."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

PRSS RELEASE

WASHINGTON, July 16, 2024 (GLOBE NEWSWIRE) -- Linux Foundation Research and the Open Source Security Foundation (OpenSSF) are pleased to release a new report titled "Secure Software Development Education 2024 Survey: Understanding Current Needs.” Based on a survey of nearly 400 software development professionals, the analysis explores the current state of secure software development and underscores the urgent need for formalized industry education and training programs.  

Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security. Despite this, many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment — system operations, software developers, committers, and maintainers — self-report feeling unfamiliar with secure software development practices. This is of particular concern as they are the ones at the forefront of creating and maintaining the code that runs a company’s applications and systems.

“Time and again we’ve seen the exploitation of software vulnerabilities lead to catastrophic consequences, highlighting the critical need for developers at all levels to be armed with adequate knowledge and skills to write secure code,” said David A. Wheeler, director of open source supply chain security for the Linux Foundation. “Our research found that a key challenge is the lack of education in secure software development. Practitioners are unsure where to start and instead are learning as they go. It is clear that an industry-wide effort to bring secure development education to the forefront must be a priority.” OpenSSF offers a free course on developing secure software (LFD121) and encourages developers to start with this course.

Survey results indicate that the lack of security awareness is likely due to most current educational programs prioritizing functionality and efficiency while often neglecting essential security training. Additionally, most professionals (69%) rely on on-the-job experience as a main learning resource, yet it takes at least five years of such experience to achieve a minimum level of security familiarity.

Other key findings of the survey include the following:

*   Lack of time (58%) and lack of awareness and training (50%) are the top two most common challenges in implementing secure software development practices within organizations.
    
*   The top reason (44%) for not taking a course on secure software development is lack of knowledge about a good course on the topic.
    
*   Self-directed learning methods were most prevalent, with 74% of respondents reporting using such resources as online tutorials, videos, and books as their main learning method.
    
*   Emerging security concerns such as AI (57%) and supply chain (56%) are seen as critical future areas for innovation and attention.
    

“The first step in addressing secure software development is recognizing the existing knowledge gap and identifying priority areas for creating additional training,” said Christopher “CRob” Robinson, Intel, co-chair of the OpenSSF Education Special Interest Group (SIG) and chair of the OpenSSF Technical Advisory Council (TAC). “Based on these findings, OpenSSF will create a new course on security architecture which will be available later this year which will help promote a ’security by design’ approach to software developer education.”

View the full report to learn more about OpenSSF’s training materials and guides on secure software development. Industry professionals are encouraged to sign up for the OpenSSF’s free course Developing Secure Software (LFD121).

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaborating and working upstream and with existing communities to advance open source security. For more information, please visit us at openssf.org.

About the Linux Foundation

The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure, including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Tag

#intel