PRESS RELEASE

NEW YORK, Oct. 30, 2024 /PRNewswire/ -- Industrial manufacturers ranked network security as their top cybersecurity investment to guard against adverse cyber events, according to a recent State of Technology in Manufacturing survey by global technology intelligence firm ABI Research. With increasingly connected and digitized industrial assets providing ever more information about processes and workforce, manufacturers are focusing their security on network security technologies such as authentication and access control. Coupled with a growing body of industrial-focused security regulation and an expanding cybercrime element (for whom data in discrete manufacturing processes are extremely high value), this puts pressure on manufacturers to safeguard their operations better.

Network breaches can have significant repercussions on industrial manufacturers. Unplanned downtime impacts production, which could lead to revenue loss or potential regulatory liability for data breaches. In Europe alone, three regulatory instruments impose financial penalties for non-compliance: the General Data Protection Regulations, the NIS2 Directive, and the Cyber Resilience Act.

"Industrial manufacturers are one of the top targeted sectors by threat actors. Not only is counterfeiting in contract manufacturing rife, but ransomware is a prevalent threat," says Michela Menting, Senior Research Director. "Supply chain vulnerabilities and social engineering constitute important vectors for threat actors, and manufacturers are understandably concerned about security as they increasingly connect their industrial assets to operational networks."

Demand for cybersecurity solutions focused on operational technologies is growing quickly as a result, with ABI Research forecasting a US$2 billion market globally in 2024. Much of it is driven by demand for network security and segmentation technologies. This correlates with the survey findings, with manufacturers citing network security solutions such as access control, authentication, and threat detection as their top security investments.

These findings are from ABI Research's Industrial and Manufacturing Survey 1H 2024: Cybersecurity Impacts and Investments report. This report is part of the company's OT Cybersecurity research service, which includes research, data, and ABI Insights.

About ABI Research

ABI Research is a global technology intelligence firm delivering actionable research and strategic guidance to technology leaders, innovators, and decision makers around the world. Our research focuses on the transformative technologies that are dramatically reshaping industries, economies, and workforces today.

ABI Research是一家国际科技情报公司，为全球科技领袖、创新人士和决策者提供实用的市场研究和战略性指导。我们密切关注一切为各行各业、全球经济和劳动市场带来颠覆性变革的创新与技术。

For more information about ABI Research's services, contact us at +1.516.624.2500 in the Americas, +44.203.326.0140 in Europe, +65.6592.0290 in Asia-Pacific, or visit www.abiresearch.com.

You May Also Like

20% of Industrial Manufacturers Are Using Network Security as a First Line of Defense

The shift to cloud means securing your organization's digital assets requires a proactive, multilayered approach.

Source: Zoonar GmbH via Alamy Stock Photo

COMMENTARY

The network structure of organizations has drastically changed post-pandemic with the adoption of cloud, and security teams are struggling to keep up with the pace. Cloud security is different — dynamic, unpredictable, and complex — when compared to on-premises security. The perimeterless architecture of the cloud, use of multicloud infrastructure and applications, and shared responsibility model between cloud security providers and enterprises that use them make cloud security an entirely different ballgame.

With over 72% of organizations using multicloud applications, malicious actors are fishing in troubled waters. As more enterprises move to the cloud to run their businesses more efficiently, attackers are sharpening their tactics and techniques regarding cloud exploits. They have started adopting cutting-edge technologies, like artificial intelligence (AI), machine learning, and deepfakes, to expand their attack surface, especially to exploit cloud networks.

Lack of visibility contributes to the most common cloud security threats, which stem from misconfigurations, unauthorized access, and more. The lift-and-shift approach, which businesses have increasingly adopted in recent times, continues to accelerate cloud threats by enabling these misconfigurations and identity-based threats to be exploited.

While organizations might have security systems in place, ensuring cloud security can be challenging due to the complexity of architecture and the shared responsibility mechanism. A proactive approach to cybersecurity is critical in protecting an organization from potential cloud security threats. Here are five key points to consider when implementing a proactive approach.

**Reduce the Cloud Attack Surface**

As attackers increasingly target the organization's cloud environment with cloud-specific exploits and malware, organizations must consider reducing the attack surface. If defenders have a limited view of the environment, attackers can lurk in the cloud for a longer time and potentially cause more destruction.

Reducing the attack surface does not necessarily mean reducing the number of cloud applications a business uses. To limit adversaries' access to cloud resources, CISOs should adopt layered security and regularly conduct cloud security risks assessments and audits. Ensuring a healthy cloud security posture and adopting AI-based behavior profiling should be part of the cloud security strategy. These help security operations centers (SOCs) proactively function and reduce the cloud surfaces exposed to adversaries.

**Pair Investigation and Response With Protection and Detection**

Organizations have been focusing on spotting threats using various threat detection mechanisms and even proactively hunting vulnerabilities that will lead to potential security threats. However, they must understand that no security system guarantees the prevention of all threats. It's imperative for CISOs to invest in technologies and analytical platforms that facilitate quick investigation of threats and automate responses to remediate threat conditions. When a threat or attack occurs in the cloud, assessing the potential impact across the distributed and multitenant surface is challenging. Therefore, it is essential to use a centralized platform for investigating threats across the multicloud environment and have a response center that can automate workflows by orchestrating with different cloud apps to reduce the mean time to resolve (MTTR) a threat or incident.

**Correlate Events Across the Network**

The correlation between network events and cloud activities is largely similar, but there are specific considerations for detecting cloud security data. Correlation rules for cloud security must be meticulously designed, tested, and implemented with precision. In comparison, detecting data exfiltration in an on-premises environment is relatively simpler since it involves correlating suspicious access to sensitive data with abnormal communication channel activities. The effectiveness of data exfiltration detection depends on the extent to which defense systems capture and analyze unusual traffic behaviors, such as atypical protocol usage or unauthorized access to cloud storage or accounts, Web services, or any other unconventional means.

In the cloud, data exfiltration, particularly from cloud applications, is often identified by correlating access and security logs from the respective applications. For example, when investigating potential customer data exfiltration from a cloud-based CRM tool, SOC professionals should correlate the application's logs with those of other cloud applications, such as email or collaborative platforms. Correlating an individual's suspicious activities within the CRM application with their corresponding account logs in a collaborative platform can uncover two potential threats: compromises of the user's account in the collaborative platform and exfiltration of customer data through the CRM. This correlation rule facilitates a comprehensive assessment of the incident's impact by correlating compromised user account activities across all synchronized applications by employing single sign-on across multiple cloud apps.

**Tackle Shadow IT**

One of the biggest challenges the cloud brings is shadow IT. Even though organizations sanction secure applications for employees to use, at times employees use certain applications that don't fall under the purview of the security teams. These applications can lead to security loopholes and vulnerabilities, causing a massive threat to the organization.

**Take an Identity-Based Approach to the Cloud**

As enterprises move to the cloud, identity security will overtake endpoint security. Security teams are increasingly interested in finding out "who" more than "how" and "why." Taking an identity-based approach to cloud security can help map cloud activities to the respective users in the network. Contextual data can be derived by analyzing who accessed cloud resources and data rather than from where. Identity mapping and AI-behavioral analytics will be the cornerstone for most cloud security threat detection.

In conclusion, a proactive approach to cybersecurity is essential for protecting an organization's assets and maintaining trust with stakeholders. In addition to the above points, organizations can better defend against potential cyberthreats by conducting regular risk assessments, providing employee education and training, regularly updating software and security tools, implementing multifactor authentication, and having a well-defined incident response plan.

It is important to remember that cybersecurity is an ongoing process that requires constant attention and adaptation to stay ahead of evolving threats. By implementing these practices and continuously evaluating and improving them, organizations can effectively mitigate risks and ensure the safety of their digital assets.

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

vice president, ManageEngine

Manikandan Thangaraj is Vice President at ManageEngine, the enterprise IT management division of Zoho Corporation, and has been with the company for over 20 years. During Zoho’s journey from being a bootstrapped startup to becoming an enterprise software company, Manikandan has been instrumental in building solutions for some of the industry's most complex challenges like cybersecurity, identity and access management, cloud, and the Microsoft ecosystem. Currently, he spearheads a dynamic team of passionate engineers, marketing experts, solutions consultants, and product managers—all IT enthusiasts at heart, committed to changing the status quo of major business challenges with an intuitive and solution-centric approach.

5 Ways to Save Your Organization From Cloud Security Threats

The group seeks out aerospace professionals by impersonating job recruiters — a demographic it has targeted in the past as well — then deploys the SlugResin backdoor malware.

Source: Iain Masterton via Alamy Stock Photo

A phishing campaign, active since last September, is targeting users on LinkedIn and other platforms by impersonating job recruiters in the aerospace industry.

ClearSky attributed the campaign to Iranian-linked threat actor TA455, which uses a spear-phishing approach to target and lure individuals. Once connected with its victims, the threat actors encourage them to download a zip file called "SIgnedConnection.zip."

Along with this, the threat actors also provide a PDF guide to their victims to instruct them on how to safely download and open the zip files.

The zip file contains an executable file that loads the malware onto the victim's device through DLL side-loading. A DLL file called "secure32\[.\]dll" is loaded onto their system, allowing the attacker access to run an undetected code.

Once this is done, the malware initiates an infection chain, which ultimately deploys Snail Resin malware, opening a backdoor titled "SlugResin." This malware and backdoor are both attributed to Charming Kitten, another Iranian threat actor, according to researchers at ClearSky.

The group uses several methods to evade detection, including encoding command-and-control (C2) communications on GitHub to make it more difficult for traditional detection tools to recognize that it's a threat, and it mimics tactics associated with Lazarus Group, causing complications in attribution.

Like past campaigns, TA455 is targeting aerospace professionals, so individuals in this field on platforms such as LinkedIn should be wary of messages and connections they receive from unknown sources.

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Iranian Cybercriminals Target Aerospace Workers via LinkedIn

The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.

Source: Krot Studio via Alamy Stock Photo

Google has fixed two flaws in Vertex AI, its platform for custom development and deployment of large language models (LLMs), that could have allowed attackers to exfiltrate proprietary enterprise models from the system. The flaw highlights once again the danger that malicious manipulation of artificial intelligence (AI) technology present for business users.

Researchers at Palo Alto Networks Unit 42 discovered the flaws in Google's Vertex AI platform, a machine learning (ML) platform that allows enterprise users to train and deploy ML models and AI applications. The platform is aimed at allowing for custom development of LLMs for use in an organization's AI-powered applications.

Specifically, the researchers discovered a privilege escalation flaw in the "custom jobs" feature of the platform, and a model exfiltration flaw in the "malicious model" feature, Unit 42 revealed in a blog post published on Nov. 12.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

Related:Cloud Ransomware Flexes Fresh Scripts Against Web Apps

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

The first bug allowed for exploitation of custom job permissions to gain unauthorized access to all data services in the project. The second could have allowed an attacker to deploy a poisoned model in Vertex AI, leading to "the exfiltration of all other fine-tuned models, posing a serious proprietary and sensitive data exfiltration attack risk," Palo Alto Networks researchers wrote in the post.

Unit 42 shared its findings with Google, and the company has "since implemented fixes to eliminate these specific issues for Vertex AI on the Google Cloud Platform (GCP)," according to the post.

While the imminent threat has been mitigated, the security vulnerabilities once again demonstrate the inherent danger that occurs when LLMs are exposed and/or manipulated with malicious intent, and how quickly the issue can spread, the researchers said.

"This research highlights how a single malicious model deployment could compromise an entire AI environment," the researchers wrote. "An attacker could use even one unverified model deployed on a production system to exfiltrate sensitive data, leading to severe model exfiltration attacks."

Related:5 Ways to Save Your Organization From Cloud Security Threats

**Poisoning Custom LLM Development**

The key for exploiting the flaws that were discovered lies within a feature of Vertex AI called Vertex AI Pipelines, which allow users to tune their models using custom jobs, also referred to as "custom training jobs." "These custom jobs are essentially code that runs within the pipeline and can modify models in various ways," the researchers explained.

However, while this flexibility is valuable, it also opens the door to potential exploitation, they said. In the case of the vulnerabilities, Unit 42 researchers were able to abuse permissions within what's called a "service agent" identity of a "tenant project" — connected through the project pipeline to the "source project," or fine-tuned AI model created within the platform. A service agent has excessive permissions to many permissions within a Vertex AI project.

From this position, the researchers could either inject commands or create a custom image to create a backdoor that allowed them to gain access to the custom model development environment. They then deployed a poisoned model for testing within Vertex AI that allowed them to gain further access to steal other AI and ML models from the test project.

Related:2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

"In summary, by deploying a malicious model, we were able to access resources in the tenant projects that allowed us to view and export all models deployed across the project," the researchers wrote. "This includes both ML and LLM models, along with their fine-tuned adapters."

This method presents "a clear risk for a model-to-model infection scenario," they explained. "For example, your team could unknowingly deploy a malicious model uploaded to a public repository," the researchers wrote. "Once active, it could exfiltrate all ML and fine-tuned LLM models in the project, putting your most sensitive assets at risk."

**Mitigating AI Cybersecurity Risk**

Organizations are just beginning to have access to tools that can allow them to build their own in-house, custom LLM-based AI systems, and thus the potential security risks and solutions to mitigate them are still very much uncharted territory. However, it's become clear that gaining unauthorized access to LLMs created within an organization is one surefire way to expose that organization to compromise.

At this stage, key to securing any custom-built models is to limit the permissions of those in the enterprise that have access to it, the Unit 42 researchers noted. "The permissions required to deploy a model might seem harmless, but in reality, that single permission could grant access to all other models in a vulnerable project," they wrote in the post.

To protect against such risks, organizations also should implement strict controls on model deployments. A fundamental way to do this is to ensure an organization's development or test environments are separate from its live production environment.

"This separation reduces the risk of an attacker accessing potentially insecure models before they are fully vetted," Balassiano and Shaty wrote. "Whether it comes from an internal team or a third-party repository, validating every model before deployment is vital."

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 am ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Google AI Platform Bugs Leak Proprietary Enterprise LLMs

CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.

Lucas Moody, Chief Information Security Officer, Alteryx

November 13, 2024

4 Min Read

Source: Andreas Prott via Alamy Stock Photo

COMMENTARY

No one wants to miss the artificial intelligence (AI) wave, but the "fear of missing out" has leaders poised to step onto an already fast-moving train where the risks can outweigh the rewards. A PwC survey highlighted a stark reality: 40% of global leaders don't understand the cyber-risks of generative AI (GenAI), despite their enthusiasm for the emerging technology. This is a red flag that could expose companies to security risks from negligent AI adoption. This is precisely why a chief information security officer (CISO) should lead in AI technology evaluation, implementation, and governance. CISOs understand the risk scenarios that can help create safeguards so everyone can use the technology safely and focus more on AI's promises and opportunities. 

**The AI Journey Starts With a CISO **

Embarking on the AI journey can be daunting without clear guidelines, and many organizations are uncertain about which C-suite executive should lead the AI strategy. Although having a dedicated chief AI officer (CAIO) is one approach, the fundamental issue remains that integrating any new technology inherently involves security considerations. 

The rise of AI is bringing security expertise to the forefront for organizationwide security and compliance. CISOs are critical to navigating the complex AI landscape among emerging new regulations and executive orders to ensure privacy, security, and risk management. As a first step to an organization's AI journey, the CISOs are responsible for implementing a security-first approach to AI and establishing a proper risk management strategy via policy and tools. This strategy should include:   

Related:Dark Reading Confidential: Pen-Test Arrests, 5 Years Later

*   Aligning AI goals: Establish an AI consortium to align stakeholders and the adoption goals with your organization's risk tolerance and strategic objectives to avoid rogue adoption.  
    

*   Collaborating with cybersecurity teams: Partner with cybersecurity experts to build a robust risk evaluation framework.  
    

*   Creating security-forward guardrails: Implement safeguards to protect intellectual property, customer and internal data, and other critical assets against cyber threats.  
    

**Determining Acceptable Risk **

Although AI has plenty of promise for organizations, rapid and unrestrained GenAI deployment can lead to issues like product sprawl and data mismanagement. Preventing the risk associated with these problems requires aligning the organization's AI adoption efforts.  

CISOs ultimately set the security agenda with other leaders, like chief technology officers, to address knowledge gaps and ensure the entire business is aligned on the strategy to manage governance, risk, and compliance. CISOs are responsible for the entire spectrum of AI adoption — from securing AI consumption (i.e., employees using ChatGPT) to building AI solutions. To help determine acceptable risk for their organization, CISOs can establish an AI consortium with key stakeholders that work cross-functionally to surface risks associated with the development or consumption of GenAI capabilities, establish acceptable risk tolerances, and act as a shared enforcement arm to maintain appropriate controls on the proliferation of AI use. 

Related:Varonis Warns of Bug Discovered in PostgreSQL PL/Perl

Suppose the organization is focused on securing AI consumption. In that case, the CISO must determine how employees can and cannot use the technology, which can be whitelisted or blacklisted or more granularly managed with products like Harmonic Security that enable a risk-managed adoption of SaaS-delivered GenAI tech. On the other hand, if the organization is building AI solutions, CISOs must develop a framework for how the technology will work. In either case, CISOs must have a pulse on AI developments to recognize the potential risks and stack projects with the right resources and experts for responsible adoption. 

Related:The Vendor's Role in Combating Alert Fatigue

**Locking in Your Security Foundation  **

Since CISOs have a security background, they can implement a robust security foundation for AI adoption that proactively manages risk and establishes the correct barriers to prevent breakdowns from cyber threats. CISOs bridge the collaboration of cybersecurity and information teams with business units to stay informed about threats, industry standards, and regulations like the EU AI Act.  

In other words, CISOs and their security teams establish comprehensive guardrails, from assets management to robust encryption techniques, to be the backbone of secure AI integration. They protect intellectual property, customer and internal data, and other vital assets. It also ensures a broad spectrum of security monitoring, from rigorous personnel security checks and ongoing training to robust encryption techniques, to respond promptly and effectively to potential security incidents. 

Remaining vigilant about the evolving security landscape is essential as AI becomes mainstream. By seamlessly integrating security into every step of the AI life cycle, organizations can be proactive against the rising use of GenAI for social engineering attacks, making distinguishing between genuine and malicious content harder. Additionally, bad actors are leveraging GenAI to create vulnerabilities and accelerate the discovery of weaknesses in defenses. To address these challenges, CISOs must be diligent by continuing to invest in preventative and detective controls and considering new ways to disseminate awareness among the workforces.   

**Final Thoughts  **

AI will touch every business function, even in ways that have yet to be predicted. As the bridge between security efforts and business goals, CISOs serve as gatekeepers for quality control and responsible AI use across the business. They can articulate the necessary ground for security integrations that avoid missteps in AI adoption and enable businesses to unlock AI's full potential to drive better, more informed business outcomes.    

**About the Author**

Chief Information Security Officer, Alteryx

Lucas Moody is chief information security officer (CISO) at Alteryx and is focused on protecting Alteryx products, customers, and the business from cyber threats. Lucas is a technical security leader with extensive experience spanning enterprise and consumer software companies across the technology, financial, social networking, and retail sectors. He is a global-minded executive noted for his ability to drive security outcomes while enabling growing businesses to accelerate. His passion for technology, security, and building amazing teams has helped companies thrive during periods of hyper-growth and change.

How CISOs Can Lead the Responsible AI Charge

Unlock how AI transforms lead generation for businesses, from real-time targeting to automated follow-ups. Discover essential tools, tips…

Unlock how AI transforms lead generation for businesses, from real-time targeting to automated follow-ups. Discover essential tools, tips for implementation, and how AI enhances marketing, boosting conversion rates and customer engagement.

In today’s competitive market, businesses constantly look for new ways to attract and keep customers. One of the most powerful tools available today is artificial intelligence (AI), which has transformed traditional marketing methods and given a fresh boost to lead generation services. Knowing how AI can reshape lead generation is key for companies that want to stay ahead.

This article breaks down how AI is changing how businesses find leads and offers practical steps for getting started. Read on to see how AI can take your lead generation to the next level!

****Why AI Matters for Modern Marketing****

AI is more than just a hot topic—it’s a transformative technology that offers real, measurable benefits in modern marketing. Unlike traditional methods, which rely on broad audience segments and manual tracking, AI uses data-driven insights to identify the best potential leads, making marketing efforts smarter and more effective.

With its ability to analyze vast amounts of data in seconds, AI provides insights that help marketers connect with the right audience at the right time. This targeted approach not only saves time but also leads to better conversion rates and enhanced customer relationships.

****How AI Transforms the Lead Generation Process****

One of AI’s most powerful impacts on lead generation lies in its ability to streamline and optimize the entire process. Here’s how:

****Real-Time Data Analysis for Precise Targeting****

AI tools can process real-time data from various sources, such as website interactions, social media, and customer service records. This data-driven approach allows companies to analyze lead behaviours and trends instantly. By identifying patterns and preferences, AI helps marketers target prospects more accurately, enhancing the likelihood of capturing high-quality leads.

****Automating Outreach and Follow-Ups****

Keeping up with timely communication is key in lead generation. AI-powered automation enables businesses to send personalized messages at just the right moments—whether it’s a follow-up email after a product demo or a special offer based on previous interactions. This level of customization ensures that leads feel engaged without overwhelming marketers with manual tasks.

****Predicting Lead Behavior and Preferences****

AI doesn’t just react to customer behaviour; it predicts it. With machine learning, AI can identify when a lead might be ready to make a purchase or when they’re likely to lose interest. This foresight allows marketers to prioritize leads who are more likely to convert and apply strategic efforts where they’ll have the most impact.

There’s a wide range of AI tools available that cater to various aspects of lead generation. Some of the top tools in the market include:

*   Chatbots and Virtual Assistants: These tools engage with potential leads on websites, answering questions, and offering product recommendations in real time. They’re especially useful for capturing information and gauging lead interest.
*   Customer Relationship Management (CRM) Platforms with AI Integration: CRMs like Salesforce Einstein and HubSpot leverage AI to analyze customer data, track interactions, and recommend follow-up actions.
*   Lead Scoring Software: AI-driven lead scoring tools, like Infer or Leadspace, help prioritize leads by analyzing data such as engagement history and demographic factors.

By incorporating these tools, companies can create a seamless lead generation pipeline that doesn’t just focus on quantity but also on lead quality.

Choosing the right AI tool depends on your business goals and the scale of your lead generation efforts. Here are a few factors to consider:

*   Budget and Scalability: Look for tools that fit within your budget but can also scale with your business as your lead generation needs to grow.
*   Ease of Integration: Ensure the tool can easily integrate with your existing CRM and marketing software to create a streamlined workflow.
*   Support and Training: Some tools require more in-depth knowledge than others. Consider whether your team has the skills required to manage the AI solution or if the provider offers training.

By selecting tools that align with your needs, you can implement AI smoothly and maximize its impact on your lead generation.

****Personalization and Predictive Analytics****

AI shines in its ability to personalize marketing efforts and predict future behaviours. Through predictive analytics, AI can analyze patterns from past interactions, allowing businesses to tailor content and offers to individual leads.

For example, if a prospect frequently visits a specific product page, AI can prompt a targeted email campaign featuring that product. This level of personalization not only strengthens the customer relationship but also increases the chances of conversion by offering exactly what the lead is looking for.

****Tips for Getting Started with AI****

If you’re ready to explore AI for lead generation, here are some practical steps to help you begin:

1.  Start Small: Test out one or two AI-powered tools before committing to a full-scale implementation. This way, you can evaluate their impact on your lead generation.
2.  Train Your Team: Ensure your team understands how to use AI tools effectively. Many providers offer training resources or customer support to help with this.
3.  Track and Adjust: Use analytics to monitor AI performance and make adjustments as needed. Optimization is key to achieving the best results.
4.  Focus on Data Quality: AI relies on high-quality data for accurate predictions, so ensure your data collection methods are powerful.
5.  Stay Updated on AI Trends: AI technology evolves rapidly. Stay informed about new developments to keep your lead generation strategy cutting-edge.

**To Conclude**

Artificial intelligence is reshaping lead generation, offering businesses powerful ways to target, engage, and convert prospects more effectively. From real-time data analysis to personalized outreach, AI enhances each stage of the lead generation process.

By selecting the right tools, implementing best practices, and staying informed, your business can harness the full potential of AI. Now is the time to explore how AI can elevate your lead generation efforts and set your company apart in a competitive market.

1.  Fields of application of artificial intelligence
2.  How to find the best process for hot lead generation
3.  How Artificial intelligence (AI) Stops Cybercriminals
4.  Lead generation firm leaks household data of 63M Americans

The Role of Artificial Intelligence in Lead Generation

Emmenhtal Loader uses LOLBAS techniques, deploying malware like Lumma and Amadey through legitimate Windows tools. Its infection chain…

Emmenhtal Loader uses LOLBAS techniques, deploying malware like Lumma and Amadey through legitimate Windows tools. Its infection chain of LNK files and encrypted scripts evades detection.

Cybercriminals are always on the lookout for sneaky ways to bypass detection. One of the ongoing threats that cybersecurity professionals are closely monitoring is the Emmenhtal loader campaign.

Emmenhtal relies on LOLBAS (Living Off the Land Binaries and Scripts) techniques to quietly deliver malware, making it especially hard to detect.

In their research, analysts from ANY.RUN identified multiple malware strains being distributed by Emmenhtal, including Arechclient2, Lumma, Hijackloader, and Amadey—each cleverly disguised through malicious scripts.

Let’s examine this campaign more closely, unpacking Emmenhtal’s execution chain and exploring safe ways to detect its activities before they cause harm.

****What’s Emmenhtal Loader?****

Emmenhtal is a malware loader that surfaced in early 2024, known for its sophisticated methods in deploying various malicious payloads, including information stealers like Lumma and CryptBot. 

It uses LOLBAS techniques, utilizing legitimate Windows tools to avoid detection. Emmenhtal often conceals itself within modified legitimate Windows binaries, embedding malicious scripts that execute in multiple stages to download and run additional malware. 

Its infection chain frequently involves the use of HTA (HTML Application) files and PowerShell scripts, making it challenging for traditional security measures to detect.

You can check what scripts Emmenhtal Loader uses and what they do with the help of tools, such as ANY.RUN’s Script Tracer. 

Malicious scripts traced inside ANY.RUN’s sandbox

****Execution Chain of Emmenhtal Loader****

To examine how the Emmenhtal loader operates, we can explore a real-world malware sample within a secure environment like ANY.RUN’s interactive sandbox. 

In this case, we’ll have a closer look at the sample of Emmenhtal and how it’s executed.

View analysis session

Execution chain of Emmenhtal Loader

1.  **LNK file initiation:**

The attack begins with a malicious LNK file that initiates the **forfiles** command. This file is designed to look harmless, making it more likely to be executed by a user.

We can observe the forfiles.exe process in the interactive sandbox by examining the process tree section on the right side of the screen.

Forfiles inside ANY.RUN’s sandbox

2.  **Forfiles locates HelpPane to execute PowerShell:**

The forfiles command is used to locate the HelpPane executable. This legitimate Windows tool is then employed to launch PowerShell, which initiates the next step in the infection chain.

Forfiles.exe process details inside ANY.RUN’s sandbox

3.  **PowerShell calls Mshta:**

Next, PowerShell runs a command that calls Mshta. The latter is instructed to download a payload from a remote server. This payload is encrypted using the AES encryption algorithm to make it harder to detect and analyze.

4.  **Mshta decrypts and executes payload:**

**Mshta** decrypts and executes the downloaded payload. This payload contains the necessary instructions to proceed with the infection process.

Mshta.exe detected by ANY.RUN sandbox

5.  **PowerShell runs AES-encrypted command:**

PowerShell runs an AES-encrypted command to decrypt the Emmenhtal loader. This command is obfuscated to avoid detection by traditional security measures.

6.  **Emmenhtal Loader launches payload:**

The final PowerShell script is the Emmenhtal loader, which launches a payload (often **Updater.exe**) with a binary file with a generated name as an argument. This step carries out the transition from the loader to the actual malware.

In our example, we deal with Updater.exe as well:

Updater.exe displayed inside the sandbox

7.  **Malware infects the system:**

The malware successfully infects the system, completing the execution chain. At this point, the malware can carry out its intended malicious activities, such as data exfiltration, credential theft, or establishing persistence.

In the research carried out by ANY.RUN, the Emmenhtal Loader used scripts to deliver malware, such as Arechclient2, Lumma, Hijackloader, and Amadey.

****Analyze Threats Safely with ANY.RUN****

The Emmenhtal loader is a tricky malware that’s hard to detect. It uses legitimate Windows tools and encrypted scripts to hide its activities. But with the right tools, you can spot and stop it.

ANY.RUN’s interactive sandbox gives you the ability to analyze the behaviour of Emmenhtal and other advanced malware inside a controlled environment.

Get started today with a 14-day free trial!

1.  A Step-by-Step Guide to How Threat Hunting Works
2.  Analysis of Top Infostealers: Redline, Vidar and Formbook
3.  PythonAnywhere Cloud Platform Abused for Hosting Ransomware
4.  ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats
5.  ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats

Emmenhtal Loader Uses Scripts to Deliver Lumma and Other Malware

Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.

Source: KamilSD via Alamy Stock Photo

The increase in cyber operations, disruptive attacks, and hacktivism in the Middle East has led the region's largest nations to pursue more sophisticated cybersecurity laws and frameworks over the past decade, leading to a dynamic regulatory landscape that companies need to navigate moving forward, according to regional experts.

Efforts to move their nations beyond the traditional petrochemical-based economies to a knowledge-based future have led Middle East nations to invest heavily in digital and cloud technologies over the past two decades. The result: Cyberattacks and cybercriminal operations have increased in the region. In reaction, countries such as Qatar, Saudi Arabia, and Oman all have developed mature regulatory regimes based on international standards, Cisco stated in a recent analysis of Middle East regulatory frameworks.

The goal of the effort is for countries to protect their valuable investments in the future from the dangers highlighted by destructive attacks and geopolitical tensions, says Yuri Kramarz, a principal engineer leading the global Incident response practice at Cisco's Talos threat intelligence group.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larson from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

Related:Southeast Asian Cybercrime Profits Fuel Shadow Economy

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

"As various states started to diversify from traditional sources of income to a digital economy, they realized that technology adoption plays a crucial role in their economies as both a source of revenue and employment," he says. "It was not until the late 2000s and early 2010, when attacks became increasingly sophisticated, that countries began to take notice."

Yet, once the cyber danger was identified, the regional governments swung into action, with Saudi Arabia and the United Arab Emirates (UAE) leading the way, according to business consultancy Oliver Wyman. While Middle East nations have made significant strides, they do have to overcome a variety of factors, including uneven enforcement and the migration of talent away from the region, Souheil Moukaddem, global head of cyber risk at Oliver Wyman, stated in a video interview.

Related:Ransomware Gangs Pummel Southeast Asia

"A global problem, \[which is\] particularly exacerbated in the Middle East, \[is\] the shortage of cyber talent," he said. "And what you see really is, as the professionals become more experienced, they tend to migrate to other geographies where the pay is better, and the jobs are better."

**Mideast Plays Catch Up**

In 2014, nations in the Middle East began establishing cybersecurity and data-protection frameworks following a series of critical cybersecurity attacks, such as the Stuxnet attack and the Shamoon wiper. Recent tensions in the Middle East have driven even more advanced hacktivism, denial-of-service attacks, and supply chain compromises, including Israel's cyber-physical attack using exploding pagers.

Cisco's Kramarz points to the Shamoon wiper attacks as an example of the type of threats that have driven the change in perceptions of cybersecurity in the Middle East. Despite its lack of sophistication, the Shamoon wiper virus crashed more than 30,000 workstations at Saudi Arabia's state-owned oil giant, Saudi Aramco.

"As we have seen, the economy of an entire country can be impacted by a cybersecurity attack," he says.

As international tensions in the region have escalated, many countries in the Gulf Cooperative Council (GCC) have developed national cybersecurity strategies using international regulatory frameworks and standards and establishing a minimum set of security controls — especially in critical sectors, says Koroush Tajbakhsh, a director in the cybersecurity practice at FTI Consulting, based in Dubai.

Related:India's Critical Infrastructure Suffers Spike in Cyberattacks

"In the face of increasing cyber warfare, GCC countries have responded by bolstering regional cyber alliances, conducting joint cybersecurity drills, and fostering intelligence-sharing initiatives, though political tensions can complicate cooperation," he says.

**Standardized Approach Pays Off**

Companies that already use standards from the United States' National Institute of Standards and Technology, the European Union's General Data Protection Directive, or the global International Organization for Standardization are already well along in meeting most of the cybersecurity controls required by nations in the Middle East, Cisco's Kramarz says.

"Most country-level standards and frameworks are built on top of these well-known standards," he says. "However, companies must also pay attention to the specific requirements in each country, particularly around data localization, incident reporting, and compliance with sector-specific regulations that might often be only available through regulatory bodies who add additional frameworks on top of existing country-level regulations and laws."

However, enforcement of the regulations can be uneven — often due to a lack of expertise about newly passed laws or a failure to establish offices for data authorities — which poses problems for companies looking to prioritize their efforts. In addition, the lack of enforcement contributes to sometimes spotty responses to data breaches, says FTI Consulting's Tajbakhsh.

"Effectively responding to cybercrime and data breaches is not as much about gaps in local data protection legislation as it is about their effective enforcement," he says. "While laws exist, cross-border enforcement will remain a challenge when looking to prosecute foreign agents or international crime syndicates, as this would require local data offices responsible for enforcing laws locally to reach a level of operational maturity that also includes cross-border data sharing."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Middle East Cybersecurity Efforts Catch Up After Late Start

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

Source: Rix Pix Photography via Shutterstock

Attackers are already actively exploiting two vulnerabilities for which Microsoft issued patches on Nov. 12 as part of its monthly security update. And they could soon begin targeting two other publicly disclosed, but as yet unexploited, flaws.

The four zero-day bugs are among a set of 89 common vulnerabilities and exposures (CVEs) that Microsoft addressed in November's Patch Tuesday. The batch contains a substantially high percentage of remote code execution (RCE) vulnerabilities, in addition to the usual collection of elevation of privileges flaws, spoofing vulnerabilities, security bypass, denial-of-service issues, and other vulnerability classes. Microsoft identified eight of the flaws as issues that attackers are more likely to exploit, though researchers pointed to other flaws as well that are of likely of high interest to adversaries.

**Microsoft Adopts CSAF Standard**

Along with the November security update, Microsoft also announced its adoption of Common Security Advisory Framework (CSAF), an OASIS standard for disclosing vulnerabilities in machine-readable form. "CSAF files are meant to be consumed by computers more so than by humans," Microsoft said in a blog post. It should help organizations accelerate their vulnerability response and remediation processes, the company noted.

"This is a huge win for the security community and a welcome addition to Microsoft’s security pages," said Tyler Reguly, associate director of security R&D at Fortra, via email. "This is a standard that has been adopted by many software vendors and it is great to see that Microsoft is following suit."

**Zero-Day Bugs Under Active Exploit**

One of the zero-day bugs that attackers are already actively exploiting is CVE-2024-43451 (CVSS 6.5 out of 10), a flaw that discloses a user's NTLMv2 hash for validating credentials in Windows environments. The hashes allow attackers to authenticate as legitimate users, and access applications and data to which they have permissions. The vulnerability affects all Windows versions and requires minimal user interaction to exploit. Merely selecting or inspecting a file could trigger the vulnerability, Microsoft warned.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_

"To my knowledge, it's the third such vulnerability that can disclose a user's NTLMv2 hash that was exploited in the wild in 2024," Satnam Narang, senior staff engineer at Tenable, wrote in an emailed comment. The other two are CVE-2024-21410 in Microsoft Exchange Server from February, and CVE-2024-38021 in Microsoft Office from July.

"One thing is certain," according to Narang. "Attackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes."

The second bug under active exploit in Microsoft's latest update is CVE-2024-49039 (CVSS 8.8), a Windows Task Scheduler elevation of privilege bug that allows an attacker to execute remote procedure calls (RPC) normally available only to privileged accounts.

"In this case, a successful attack could be performed from a low privilege AppContainer," Microsoft said. "The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment."

The fact that it was Google's Threat Analysis Group that discovered and reported this flaw to Microsoft suggests that the attackers currently exploiting the flaw are either a nation-state-backed group or other advanced persistent threat actor, Narang said.

"An attacker can perform this exploit as a low-privileged AppContainer and effectively execute RPCs that should be available only to privileged tasks," added Ben McCarthy, lead cybersecurity engineer at Immersive Labs, via email. "It is unclear what RPCs are affected here, but it could give an attacker access to elevate privileges and execute code on a remote machine, as well as the machine in which they are executing the vulnerability."

**Previously Disclosed but Unexploited Zero-Days**

One of the two already disclosed — but not yet exploited — zero-days is CVE-2024-49019 (CVSS 7.8), an elevation-of-privilege vulnerability in Active Directory Certificate Services that attackers could use to gain domain administrator access. Microsoft's advisory listed several recommendations for organizations to secure certificate templates, including removing overly broad enrollment rights for users or groups, removing unused templates, and implementing additional measures to secure templates that allow users to specify a subject in the request.  

Microsoft is tracking the other publicly disclosed but unexploited flaw as CVE-2024-49040 (CVSS 7.5), a Windows Exchange Server spoofing flaw. "The primary issue lies in how Exchange processes ... headers, enabling attackers to construct emails that falsely appear to be from legitimate sources," Mike Walters, president and co-founder of Action1, wrote in a blog post. "This capability is particularly useful for spear phishing and other forms of email-based deception."

**RCE Security Bugs Have a Big Month**

Nearly 60% of the bugs — 52 of 89 — that Microsoft disclosed in its November update are RCE vulnerabilities that allow remote attackers to execute arbitrary code on vulnerable systems. Some allow for unauthenticated RCE, while others require an attacker to have authenticated access to exploit the bug. Most of the RCEs in Microsoft's latest update affect various versions of MS SQL Server. Other impacted technologies include MS Office 2016, MS Defender for iOS, MS Excel 2016, and Windows Server 2012, 2022, and 2025, said Will Bradle, security consultant at NetSPI, in an emailed statement.

Among the most critical of the RCEs, according to Walters, is CVE-2024-43639 in Windows Kerberos. The bug has a near-maximum CVSS severity score of 9.8 of 10 because, among other things, an unauthenticated attacker can exploit it remotely. Microsoft itself has assessed the bug as something that attackers are less likely to exploit. But putting it on the back burner for that reason could be a mistake.

"Kerberos is a fundamental component of Windows environments, crucial for authenticating user and service identities," Walters added. "This vulnerability turns Kerberos into a high-value target, allowing attackers to exploit the truncation flaw to craft messages that Kerberos fails to process securely, potentially enabling the execution of arbitrary code."

Bradle pointed to CVE-2024-49050 in Visual Studio Code Python Extension as another RCE in this month's set that merits priority attention. "The extension currently has over 139 million downloads and is affected by an RCE vulnerability with a base CVSS score of 8.8," he said. "Microsoft has patched the VSCode extension, and updates should be installed immediately."

Immersive Labs' McCarthy also identified multiple other flaws that organizations would do well to address quickly. They include the critical CVE-2024-43498 (CVSS 9.8), an RCE in .NET and Visual Studio; CVE-2024-49019 (CVSS 7.8), an Active Directory privilege escalation flaw; CVE-2024-49033 (CVSS 7.5), a Microsoft Word security bypass flaw; and CVE-2024-43623 (CVSS 7.8), a privilege escalation flaw in the Windows NT OS kernel that enables attacker to gain system level access on affected systems. Importantly, Microsoft has assessed the latter vulnerability as one that attackers are more likely to exploit.

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.

Source: Ian Dagnall via Alamy Stock Photo

Amazon has confirmed that its employees' data was exposed on a cybercrime forum due to the now-infamous MOVEit vulnerability.

The vulnerability, tracked as CVE-2023-34362, was discovered last year in the MOVEit file transfer software. The flaw allows hackers to bypass authentication on unpatched systems in order to access files, and it has affected thousands of organizations to date.

An Amazon spokesperson said that Amazon and AWS systems are secure and that its systems have not experienced a security breach. The "security event" actually occurred at a third-party property-management vendor, and several other customers it worked with in addition to Amazon were also affected, the person said. The type of compromised information includes work email addresses, desk phone numbers, and building locations.

"Amazon's recent data breach, traced back to a third-party vendor's use of the MOVEit tool, is another wake-up call for the supply chain's hidden vulnerabilities," Ferhat Dikbiyik, chief research and intelligence officer at Black Kite, wrote in an emailed statement to Dark Reading. "The MOVEit flaw initially hit hundreds, but the shockwave extended across 2,700+ organizations as the ripple effects reached third- and even fourth-party vendors. We've identified over 600 MOVEit servers that were likely caught in this 'spray' attack — leaving a vast field of potential targets."

Cybercrime intelligence company Hudson Rock referred to the fallout of the bug as one of the most substantial leaks of corporate information last year; and authors of the "Verizon Data Breach Investigation Report (DBIR)" in February noted that breaches attributable to MOVEit were so numerous that they skewed its statistics for the year.

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Tag

#intel