FireSale HackBoy


Wednesday, May 31, 2023

Sharing your business’s data with ChatGPT: How risky is it?

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

As a natural language processing model, ChatGPT – and other similar machine learning-based language models – is trained on huge amounts of textual data. Processing all this data, ChatGPT can produce written responses that sound like they come from a real human being.

ChatGPT learns from the data it ingests. If this information includes your sensitive business data, then sharing it with ChatGPT could potentially be risky and lead to cybersecurity concerns.

For example, what if you feed ChatGPT pre-earnings company financial information, company proprietary software code, or materials used for internal presentations without realizing that practically anybody could obtain that sensitive information just by asking ChatGPT about it? If you use your smartphone to engage with ChatGPT, then a smartphone security breach could be all it takes to access your ChatGPT query history.

In light of these implications, let’s discuss if – and how – ChatGPT stores its users’ input data, as well as potential risks you may face when sharing sensitive business data with ChatGPT.

Does ChatGPT store users’ input data?

The answer is complicated. While ChatGPT does not automatically add data from queries to models specifically to make this data available for others to query, any prompt does become visible to OpenAI, the organization behind the large language model.

Although no membership inference attacks have yet been carried out against the large language learning models that drive ChatGPT, databases containing saved prompts as well as embedded learnings could be potentially compromised by a cybersecurity breach. OpenAI, the parent company that developed ChatGPT, is working with other companies to limit the general access that language learning models have to personal data and sensitive information.

But the technology is still in its nascent developing stages – ChatGPT was only just released to the public in November of last year. By just two months into its public release, ChatGPT had been accessed by over 100 million users, making it the fastest-growing consumer app ever at record-breaking speeds. With such rapid growth and expansion, regulations have been slow to keep up. The user base is so broad that there are abundant security gaps and vulnerabilities throughout the model.

Risks of sharing business data with ChatGPT

In June 2021, researchers from Apple, Stanford University, Google, Harvard University, and others published a paper that revealed that GPT-2, a language learning model similar to ChatGPT, could accurately recall sensitive information from training documents.

The report found that GPT-2 could call up information with specific personal identifiers, recreate exact sequences of text, and provide other sensitive information when prompted. These “training data extraction attacks” could present a growing threat to the security of researchers working on machine learning models, as hackers may be able to access machine learning researcher data and steal their protected intellectual property.

One data security company called Cyberhaven has released reports of ChatGPT cybersecurity vulnerabilities it has recently prevented. According to the reports, Cyberhaven has identified and prevented insecure requests to input data on ChatGPT’s platform from about 67,000 employees at the security firm’s client companies.

Statistics from the security platform cite that the average company is releasing sensitive data to ChatGPT hundreds of times per week. These requests have presented serious cybersecurity concerns, with employees attempting to input data that includes client or patient information, source codes, confidential data, and regulated information.

For example, medical clinics use private patient communication software to help protect patient data all the time. According to the team at Weave, this is important to ensure that medical clinics can gain actionable data and analytics so they can make the best decisions while ensuring that their patients’ sensitive information remains secure. But using ChatGPT can pose a threat to the security of this kind of information.

In one troubling example, a doctor typed their patient’s name and specific details about their medical condition into ChatGPT, prompting the LLM to compose a letter to that patient’s insurance company. In another worrying example, a business executive copied the entire 2023 strategy document of their firm into ChatGPT’s platform, causing the LLM to craft a PowerPoint presentation from the strategy document.

Data exposure

There are preventive measures you can take to protect your data in advance and some companies have already begun to impose regulatory measures to prevent data leaks from ChatGPT usage.

JP Morgan, for example, recently restricted ChatGPT usage for all of its employees, citing that it was impossible to determine who was accessing the tool, for what purposes, and how often. Restricting access to ChatGPT altogether is one blanket solution, but as the software continues to develop, companies will likely need to find other strategies that incorporate the new technology.

Boosting company-wide awareness about the possible risks and dangers, instead, can help make employees more sensitive about their interactions with ChatGPT.  For example, Amazon employees have been publicly warned to be careful about what information they share with ChatGPT.

Employees have been warned not to copy and paste documents directly into ChatGPT and instructed to remove any personally identifiable information, such as names, addresses, credit card details, and specific positions at the company.

But limiting the information you and your colleagues share with ChatGPT is just the first step. The next step is to invest in secure communication software that provides robust security, ensuring that you have more control over where and how your data is shared. For example, building in-app chat with a secure chat messaging API ensures that your data stays away from prying eyes. By adding chat to your app, you ensure that users get context-rich, seamless, and most importantly secure chat experiences.  

ChatGPT serves other functions for users. As well as composing natural, human-sounding language responses, it can also create code, answer questions, speed up research processes, and deliver specific information relevant to businesses.

Again, choosing a more secure and targeted software or platform to achieve the same aims is a good way for business owners to prevent cybersecurity breaches. Instead of using ChatGPT to look up current social media metrics, a brand can instead rely on an established social media monitoring tool to keep track of reach, conversion and engagement rates, and audience data.

Conclusion

ChatGPT and other similar natural language learning models provide companies with a quick and easy resource for productivity, writing, and other tasks. Since no training is needed to adopt this new AI technology, any employee can access ChatGPT. This means the possible risk of a cybersecurity breach becomes expanded.

Widespread education and public awareness campaigns within companies will be key to preventing damaging data leaks. In the meantime, businesses may want to adopt alternative apps and software for daily tasks such as interacting with clients and patients, drafting memos and emails, composing presentations, and responding to security incidents.

Since ChatGPT is still a new, developing platform it will take some time before the risks are effectively mitigated by developers. Taking preventive action is the best way to ensure your business is protected from potential data breaches.

The post Sharing your business’s data with ChatGPT: How risky is it? appeared first on Cybersecurity Insiders.


June 01, 2023 at 09:09AM

Shadow Data Concerns, Public Cloud Breaches Remain Sky-High: Here’s How Organizations Can Protect Themselves

By Andy Smith, Chief Marketing Officer, Laminar

The same technologies powering cloud transformation and data democratization are also introducing the greatest risks to data security, data privacy and data governance professionals.

Right now, we’re in the midst of cloud data’s Gilded Age. Data scientists and developers are spinning up new datastores in seconds to make data more accessible, do more with data analytics, and better harness its overall value. However, the increasing adoption of cloud data storage technologies, the sheer proliferation of data, death of the traditional perimeter, and faster rate of change has created an increased pressure on data security teams.

The dark side of the cloud’s Gilded Age is a new threat vector called “the innovation attack surface.” Unlike traditional threat vectors, the innovation attack surface is largely caused by accident. When developers and data scientists spin up new data stores at the click of a button to out-innovate their competition, it’s easy for IT and security teams to lose track of where the data lands. This unknown or “shadow” data is a hot target for cyberadversaries because it is not governed or under the same security controls as the known production datastore.

To gain a deeper understanding of the innovation attack surface and shadow data’s overall impact on organizations today, Laminar released its second annual State of Public Cloud Data Security Report.

Here’s what we found:

Cloud Data Breaches Are on the Rise

Three out of four respondents reported a cloud data breach in 2022, up from one in two in last year’s State of Public Cloud Data Security Report. For those who were impacted by a breach, 79% of respondents were aware that data had been exfiltrated or leaked compared to 58% from the year before.

It’s clear that organizations’ current strategy of “getting to the cloud or bust” without implementing next-generation data security controls isn’t working. Without change, this problem is not slowing down. Traditional approaches are clearly not working.

Why Data is Being Left in the Shadows

Despite 86% of respondents claiming to have increased visibility of cloud data, an impressive 93% of data security and governance professionals remain concerned about shadow data. Respondents also named shadow data as the No. 1 challenge to protecting data in the cloud, up from No. 3 last year.

Why the contradiction? You don’t know what you don’t know. The divergence between agile cloud data activities that contribute to innovation and the static and manual data security activities intended to protect the business have led to what is known as the “security execution gap.” In layman’s terms, it just means that the smartest people in the business are working very quickly, and IT and security teams are still using manual or old tools that are not agile and not dynamic enough to keep up with the pace of change in the cloud.

It’s easy to create shadow data with just a few clicks. Shadow data results from copies of production data left behind in development and/or test environments. If left undiscovered and not addressed, it may linger in the ether for weeks, months, or even years before being accessed by potential threat actors.

Sunnier Days are Ahead for Organizations Seeking Modern Security Solutions

When it comes to cloud data security, it’s not all doom-and-gloom. Thankfully, corporate leaders are starting to realize the need for a data-centric approach and that new, cloud-native, solutions are available. Some of the best news to come from the survey is the fact that 92% of respondents stated the rise in cloud data breaches has convinced executive-level leadership to purchase cloud-native security platforms, up 50% from last year. This is reinforced by the fact that 66% of organizations have increased security budgets by 41%-or-more in the past year.

It’s very good news that a whopping 97% of organizations now have a dedicated data security team — up from 58% last year.

Security professionals are also now much more aware of solutions to help. Almost all (92%) of respondents had heard about data security posture management (DSPM) solutions, and want the following capabilities from tools on the market:

  • Autonomous scanning (71%)

  • Dynamic and performant (63%)

  • Asynchronous operations (54%)

  • Agentless architecture (53%)

Just like in the industrial Gilded Age, the cloud’s Gilded Age brings both pros and cons. To thrive in today’s threat landscape, organizations need best-in-breed cloud-native security platforms that provide autonomous and agentless discovery, classification, and protection across multi-cloud architecture. Only then will data security professionals be equipped to reduce the innovation attack surface while still encouraging the activities that bring value back to the business.

Author’s bio: Andy is a veteran of 30+ years in the high-tech industry in Silicon Valley. He has spent the last 20 years in security, currently as CMO at cloud data security provider Laminar and previously as CMO at SaaS security innovator Qualys.  Prior to that Andy was SVP of Marketing for identity provider Centrify and Sr Director of Product Management for Oracle responsible for their identity & security offerings. Andy is a veteran of several security startups including VP of Product Management at Bitzer Mobile that was acquired by Oracle and GRC provider Virsa Systems that was acquired by SAP. Andy’s security background includes stints at ActivIdentity and Veridicom. Andy has a MBA from Santa Clara University and Bachelor’s in Mathematics from Occidental College.

LinkedIn social: https://www.linkedin.com/in/andysmithcmo/

Twitter social: https://twitter.com/laminarsec/

The post Shadow Data Concerns, Public Cloud Breaches Remain Sky-High: Here’s How Organizations Can Protect Themselves appeared first on Cybersecurity Insiders.


June 01, 2023 at 12:01AM

SeroXen RAT for sale

This blog was jointly written with Alejandro Prada and Ofer Caspi.

Executive summary

SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives access to your computers undetected, it is being sold for only $30 for a monthly license or $60 for a lifetime bundle, making it accessible.

Key takeaways:

  • SeroXen is a fileless RAT, performing well at evading detections on static and dynamic analysis.
  • The malware combines several open-source projects to improve its capabilities. It is a combination of Quasar RAT, r77-rootkit and the command line NirCmd.
  • Hundreds of samples have shown up since its creation, being most popular in the gaming community. It is only a matter of time before it is used to target companies instead of individual users.

Analysis

Quasar RAT is a legitimate open-source remote administration tool. It is offered on its GitHub page to provide user support or employee monitoring. It has been historically associated with malicious activity performed by threat actors, APT groups (like in this Mandiant report from 2017), or government attacks (in this report by Unit42 in 2017).

It was first released in July 2014 as “xRAT” and renamed to “Quasar” in August 2015. Since then, updates to the code have been released up to v1.4.1 in March 2023, which is the most current version. As an open-source RAT tool with updates 9 years after its creation, it is no surprise that it continues to be a common tool used by itself or combined with other payloads by threat actors up to this day.

In a review of the most recent samples, a new Quasar variant was observed by Alien Labs in the wild: SeroXen. This new RAT is a modified branch of the open-source version, adding some modifications to the original RAT. They’re selling it for a monthly or lifetime fee. Figure 1 contains some of the features advertised on their website.

Figure 1. SeroXen features announced on its website.

This new RAT first showed up on a Twitter account, established in September 2022. The person advertising the RAT appeared to be an English-speaking teenager. The same Twitter handle published a review of the RAT on YouTube. The video approached the review from an attacking/Red Team point of view, encouraging people to buy the tool because it is worth the money. They were claiming to be a reseller of the tool.

In December 2022, a specific domain was registered to market/sell the tool, seroxen[.]com. The RAT was distributed via a monthly license for $30 USD or a lifetime license of $60 USD. It was around that time that the malware was first observed in the wild, appearing with 0 detections on VirusTotal.

After a few months, on the 1st of February, the YouTuber CyberSec Zaado published a video alerting the community about the capabilities of the RAT from a defensive perspective. In late February, the RAT was advertised on social media platforms such as TikTok, Twitter, YouTube, and several cracking forums, including hackforums. There were some conversations on gaming forums complaining about being infected by malware after downloading some video games. The artifacts described by the users matched with SeroXen RAT.

The threat actor updated the domain name to seroxen[.]net by the end of March. This domain name was registered on March 27th, 2023, after seroxen[.]com was decommissioned. The threat actor used GoDaddy for registration and Cloudflare for hosting the website. These domains are only used for selling and marketing purposes, and not for Command and Control (C&C) communications.

Figure 2: SeroXen website

Based on the packed versions uploaded to VT, it appears that the RAT is being used for targeting video game users. Several lure injector cheat files have been observed with names invoking popular videogames such as Fortnite, Valorant, Roblox or Warzone2. The threat actor used Discord for the distribution of some of the samples.

Figure 3. SeroXen timeline.

One of the most relevant announced features is that it is a fully undetectable version. This is currently true from a static analysis point of view, since the RAT is packaged into an obfuscated PowerShell batch file. The file’s size typically ranges between 12-14 megabytes, as we can see in sample 8ace121fae472cc7ce896c91a3f1743d5ccc8a389bc3152578c4782171c69e87 uploaded to VT on May 21. Due to its relatively large size, certain antivirus may choose not to analyze it, potentially bypassing detection. This sample currently has 0 detections on VT, but some of the crowdsourced Sigma Rules do detect the activity as suspicious.

As the malware is fileless and executed only in memory after going through several decryptions and decompression routines, it is more difficult to detect by antiviruses. In addition, its rootkit loads a fresh copy of ntdll.dll, which makes it harder to detect by Endpoint Detection & Response (EDR) solutions that hook into it to detect process injections.

Regarding the dynamic analysis, it is worth noting that some sandbox environments might fail to detect the RAT due to its use of several techniques to evade virtualization and sandbox detection mechanisms, and its string encryption in subsequent payloads.

The RAT employs anti-debugging techniques by leveraging Windows Management Instrumentation (WMI) to identify the system’s manufacturer. This enables it to identify virtualization environments such as VMware and abort the execution to delay and make the analysis harder. The RAT also checks for the presence of debuggers and uses pings to make the threads sleep.

Currently, most child processes and files dropped during the execution of the RAT have a low detection rate.

Execution analysis

The malicious payload is commonly delivered to the victim through a phishing mail or a Discord channel. The victim often receives a ZIP file containing a benign file in plain sight, while the heavily obfuscated batch file is hidden and automatically executed when launched. The bat file format is always very similar and looks like the contents of Figure 4, followed by base64 encoded text later in the file.

Figure 4. Obfuscated bat script.

During the bat execution, the script extracts two separate binaries from the base64 encoded text, AES decrypts, and GZIP decompresses it to produce two separate byte arrays. These byte arrays are then used with .NET reflection to perform an in-memory load of the assembly from its bytes, locate the binary’s entry point, and perform an Invoke on both.

During the decryption process, the attackers need a legitimate-looking folder in which to drop an illicit version of the System Configuration Utility msconfig.exe that is required later. For this purpose, the script creates the folder “C:\Windows \System32”, with a space after Windows, and deletes it as soon as the utility is running. If it wasn’t for this file temporarily dropped onto disk, the RAT would be fully fileless.

The execution of one of the above-mentioned binaries leads to another obfuscated binary carrying an embedded resource. This resource is hidden behind anti-sandboxing and debugger techniques, only to lead to more obfuscation and encryption techniques that lead to the final payload. This payload has been built using the Github project Costura, which allows SeroXen to pack the code’s dependencies into the .NET assembly so it can run self-contained.

Figure 5. Payload embedded resources.

The extraction of the resources leads to the final payloads. This is in the form of two .NET assemblies: CSStub2.InstallStager.exe, and CSStub2.UninstallStager.exe. And a Win32 binary called CSStub2.$sxr-nircmd.exe, which corresponds to the unmodified command-line utility NirCmd.

The payload InstallStager.exe is a compilation of the open-source rootkit named r77-rootkit – a fileless ring 3 rootkit written in .NET. This rootkit supports both x32 and x64 Windows processes and has the following features:

  • Fileless persistence: The rootkit is stored as obfuscated data in the registry and is spawned with PowerShell via Task Scheduler to be injected into the winlogon.exe process.
  • Child process hooking.
  • Option to embed additional malware to be executed with the rootkit – in this case NirCmd and/or Quasar. The added malware will be decompressed and decrypted before it is injected into other processes.
  • In memory process injection: the rootkit injects itself and additional malware(s) into all processes. Injection is done from memory: no files are needed to be stored on disk.
  • Hooking: Hooks several functions from ntdll.dll to hide its presence.
  • Communicating via NamedPipe: The rootkit can receive a command from any running process.
  • Antivirus / EDR evasion: The rootkit uses several evasion techniques:
    • AMSI bypass: PowerShell inline script patches “amsi.dll!AmsiScanBuffer” to always return “AMSI_RESULT_CLEAN”.
    • DLL unhooking: Removes EDR hooks by loading a fresh copy of “ntdll.dll” from disk to avoid process hollowing detection
  • Hiding entities: Hides all entities whose names start with a configurable prefix, which in SeroXen’s case is “$sxr”. This prefix makes the attack harder to see on the system, but eases attribution of the malware family during the analysis. The prefix is used to hide files, directories, NamedPipes, scheduled tasks, processes, registry keys/values, and services.

The r77 technical documentation provides a guideline of where the prefix can be found:

| Config parameter | Details | Example |
| --- | --- | --- |
| HIDE_PREFIX | The prefix for name-based hiding (e.g. processes, files, etc…). | `L"$sxr"` |
| R77_SERVICE_NAME32 | Name for the scheduled task that starts the r77 service for 32-bit processes. | `HIDE_PREFIX L"svc32"` |
| R77_SERVICE_NAME64 | Name for the scheduled task that starts the r77 service for 64-bit processes. | `HIDE_PREFIX L"svc64"` |
| CHILD_PROCESS_PIPE_NAME32 | Name for the named pipe that notifies the 32-bit r77 service about new child processes. | `L"\\\\.\\pipe\\" HIDE_PREFIX L"childproc32"` |
| CHILD_PROCESS_PIPE_NAME64 | Name for the named pipe that notifies the 64-bit r77 service about new child processes. | `L"\\\\.\\pipe\\" HIDE_PREFIX L"childproc64"` |
| CONTROL_PIPE_NAME | Name for the named pipe that receives commands from external processes. | `L"\\\\.\\pipe\\" HIDE_PREFIX L"control"` |

The two main components in this project are the InstallStager service and the Rootkit. The InstallStager service is responsible for:

  • Creating a registry key to store the malware code and writing it as encrypted data.
  • Creating a scheduled task to execute the malware using PowerShell. PowerShell will decompress and decrypt the final payload (Service) that will be injected into the winlogon.exe process and executed via dllhost.exe using process hollowing techniques.

Figure 6. Starting payload after decryption using process hollowing.

Now the second and main stage of the Rootkit is ready to start. The service kicks off the load of the rootkit’s DLL that is embedded as a resource and saves its configuration as a registry key. (In SeroXen’s case it is [HKEY_LOCAL_MACHINE\SOFTWARE\$sxrconfig].)
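The fixed names in the r77 configuration table and the padded “Windows ” folder described earlier both lend themselves to simple hunting rules. The following is an added example, not code from Alien Labs or the r77 project: it expands the table for a given prefix and checks constructed telemetry records for those names and for directory names that end in whitespace. The record schema (`kind`, `object`), the function names and the sample records are assumptions made for illustration.

```python
import re

SEROXEN_PREFIX = "$sxr"  # HIDE_PREFIX reported in the article for SeroXen


def r77_names(prefix=SEROXEN_PREFIX):
    """Expand the r77 config table: object names are HIDE_PREFIX + fixed suffix."""
    suffixes = {
        "svc32": "scheduled task (r77 service, 32-bit)",
        "svc64": "scheduled task (r77 service, 64-bit)",
        "childproc32": "named pipe (child-process notification, 32-bit)",
        "childproc64": "named pipe (child-process notification, 64-bit)",
        "control": "named pipe (control channel)",
        "config": "registry key (rootkit configuration)",
    }
    return {(prefix + s).lower(): what for s, what in suffixes.items()}


def components(obj):
    """Split a pipe, registry, task or file path into its non-empty parts."""
    return [p for p in re.split(r"[\\/]", obj) if p]


def triage(event, prefix=SEROXEN_PREFIX):
    """Return a list of findings for one normalized telemetry record."""
    findings = []
    known = r77_names(prefix)
    parts = components(event["object"])
    for part in parts:
        name = part.strip().lower()
        if name in known:
            findings.append("r77 artifact: " + known[name])
        elif name.startswith(prefix.lower()):
            # Anything carrying the prefix is hidden by the rootkit, so an
            # unknown name with the prefix is still worth a look.
            findings.append("name starts with hidden prefix: " + part)
    # Mock trusted directory: a path component that ends in whitespace, such as
    # "Windows " in the folder the batch script creates and later deletes.
    padded = [p for p in parts if p != p.rstrip()]
    if padded:
        cleaned = "\\".join(p.rstrip() for p in parts).lower()
        note = "padded directory name " + repr(padded[0])
        if cleaned.startswith("c:\\windows\\"):
            note += " imitating the Windows directory"
        findings.append(note)
    return findings


def hunt(events, prefix=SEROXEN_PREFIX):
    """Return (index, findings) for every record that produced a finding."""
    hits = []
    for i, ev in enumerate(events):
        found = triage(ev, prefix)
        if found:
            hits.append((i, found))
    return hits


# Constructed sample records (hypothetical schema: "kind" and "object" only).
SAMPLE_EVENTS = [
    {"kind": "pipe", "object": r"\\.\pipe\$sxrcontrol"},
    {"kind": "registry", "object": r"HKEY_LOCAL_MACHINE\SOFTWARE\$sxrconfig\example_value"},
    {"kind": "task", "object": r"\$sxrsvc64"},
    {"kind": "process", "object": r"C:\Windows \System32\msconfig.exe"},
    {"kind": "process", "object": r"C:\Users\alice\Downloads\$sxr-tool.exe"},
    {"kind": "process", "object": r"C:\Windows\System32\msconfig.exe"},
    {"kind": "pipe", "object": r"\\.\pipe\wkssvc"},
]

if __name__ == "__main__":
    for index, found in hunt(SAMPLE_EVENTS):
        print(SAMPLE_EVENTS[index]["kind"], SAMPLE_EVENTS[index]["object"])
        for finding in found:
            print("   ", finding)
```

Because the rootkit's user-mode hooks hide prefixed names from the processes it has injected, run this over telemetry that was recorded outside those processes (for example kernel-sourced events forwarded to a SIEM) rather than over a live listing on the suspect host.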

The service creates 3 listener threads:

  • NewProcessListener: Enumerates all running processes and injects the rootkit when new processes are created.
  • ChildProcessListener: Injects the rootkit to a newly created process by another process and updates the callee via NamedPipe.

Figure 7. Child process injection.

  • ControlPipeListener: Creates a NamedPipe to receive commands from any process. Supported commands are listed below:

| Command | Details |
| --- | --- |
| CONTROL_R77_UNINSTALL | The control code that uninstalls r77. |
| CONTROL_R77_PAUSE_INJECTION | The control code that temporarily pauses injection of new processes. |
| CONTROL_R77_RESUME_INJECTION | The control code that resumes injection of new processes. |
| CONTROL_PROCESSES_INJECT | The control code that injects r77 into a specific process, if it is not yet injected. |
| CONTROL_PROCESSES_INJECT_ALL | The control code that injects r77 into all processes that are not yet injected. |
| CONTROL_PROCESSES_DETACH | The control code that detaches r77 from a specific process. |
| CONTROL_PROCESSES_DETACH_ALL | The control code that detaches r77 from all processes. |
| CONTROL_USER_SHELLEXEC | The control code that executes a file using ShellExecute. |
| CONTROL_USER_RUNPE | The control code that executes an executable using process hollowing. |
| CONTROL_SYSTEM_BSOD | The control code that triggers a BSOD. |
| CONTROL_R77_TERMINATE_SERVICE | The control code that terminates the r77 service. |

The DLL rootkit carries out process injections, executes commands received by other processes, and keeps out of sight any sign of SeroXen being executed within the system.

Figure 8. System function hooking.

As a summary of the execution process:

Figure 9. SeroXen decryption flow.

Since SeroXen is based on QuasarRAT, the C&C server utilizes the same Common Name in its TLS certificate. The functionalities offered by the threat actor for the C&C server closely mirror those found in the Quasar GitHub repository, including support for TCP network streams (both IPv4 and IPv6), efficient network serialization, compression using QuickLZ, and secure communication through TLS encryption.

Figure 10. Quasar Server Certificate.

 

Conclusion

The SeroXen developer has found a formidable combination of free resources to develop a RAT that is hard to detect in both static and dynamic analysis. An elaborate open-source RAT like Quasar, almost a decade after its first appearance, makes an advantageous foundation for the RAT, while NirCmd and r77-rootkit are logical additions to the mix, since they make the tool more elusive and harder to detect.

The Alien Labs team will continue to monitor the threat landscape for SeroXen samples and infrastructure.

Detection methods

The following associated detection methods are in use by Alien Labs. They can be used by readers to tune or deploy detections in their own environments or for aiding additional research.

SURICATA IDS SIGNATURES

2035595: ET TROJAN Generic AsyncRAT Style SSL Cert

2027619: ET TROJAN Observed Malicious SSL Cert (Quasar CnC)

 

Associated indicators (IOCs)

The following technical indicators are associated with the reported intelligence. A list of indicators is also available in the OTX Pulse. Please note, the pulse may include other activities related but out of the scope of the report.

| TYPE | INDICATOR | DESCRIPTION |
| --- | --- | --- |
| SHA256 | 8ace121fae472cc7ce896c91a3f1743d5ccc8a389bc3152578c4782171c69e87 | Example malware hash |

Mapped to MITRE ATT&CK

The findings of this report are mapped to the following MITRE ATT&CK Matrix techniques:

  • TA0002: Execution
    • T1053: Scheduled Task/Job
      • T1053.005: Scheduled Task
    • T1059: Command and Scripting Interpreter
      • T1059.003: Windows Command Shell
  • TA0003: Persistence
    • T1547: Boot or Logon Autostart Execution
      • T1547.001: Registry Run Keys / Startup Folder
  • TA0004: Privilege Escalation
    • T1548: Abuse Elevation Control Mechanism
      • T1548.002: Bypass User Account Control
  • TA0005: Defense Evasion
    • T1112: Modify Registry
    • T1553: Subvert Trust Controls
      • T1553.002: Code Signing
    • T1564: Hide Artifacts
      • T1564.001: Hidden Files and Directories
      • T1564.003: Hidden Window
  • TA0006: Credential Access
    • T1552: Unsecured Credentials
      • T1552.001: Credentials In Files
    • T1555: Credentials from Password Stores
      • T1555.003: Credentials from Web Browsers
  • TA0007: Discovery
    • T1016: System Network Configuration Discovery
    • T1033: System Owner/User Discovery
    • T1082: System Information Discovery
    • T1614: System Location Discovery
  • TA0008: Lateral Movement
    • T1021: Remote Services
      • T1021.001: Remote Desktop Protocol
  • TA0009: Collection
    • T1005: Data from Local System
    • T1056: Input Capture
      • T1056.001: Keylogging
    • T1125: Video Capture
  • TA0011: Command and Control
    • T1090: Proxy
    • T1095: Non-Application Layer Protocol
    • T1105: Ingress Tool Transfer
    • T1571: Non-Standard Port
    • T1573: Encrypted Channel
      • T1573.001: Symmetric Cryptography

The post SeroXen RAT for sale appeared first on Cybersecurity Insiders.


May 31, 2023 at 09:10PM

Solar Panels at Risk of Cyber Attacks, warn Experts

According to experts from Digital Watchdog RDI, solar panels are now vulnerable to cyber attacks, with hackers targeting the vulnerabilities in the inverters that store energy for powering smartphones, laptops, and small electrical gadgets.

This conclusion was reached after a comprehensive assessment of inverters from eight different manufacturers, revealing that none of them met even the basic security standards. Norwegian foundation DNV also released a report stating that photovoltaic inverters can be exploited as bots to disrupt power lines, shut down wind farms, disable refineries, impact fuel supply, compromise public CCTV surveillance networks, and more.

Between 2015 and 2021, approximately 16.3 million connected photovoltaic solar panels were installed in Australia, none of which met the cybersecurity standards set by RDI. This infrastructure could potentially be utilized as sources for launching distributed denial-of-service (DDoS) attacks and disrupting critical infrastructures worldwide.

One notable incident involved an attack on a Ukrainian power grid, where hackers gained access to a renewable energy generation grid through connected photovoltaic cells. Russian hackers were implicated in the attack, but Kyiv managed to thwart their efforts before further damage was done to other connected infrastructures.

It is crucial for manufacturers to actively play a role in offering products that comply with established photovoltaic cybersecurity standards. Likewise, users of such products must ensure that these security features are implemented from the outset of their usage.

As solar inverters become increasingly sophisticated with connected technology, cyber criminals can exploit vulnerabilities to introduce instabilities into their operations, resulting in physical and financial damage to the inverters themselves and any systems connected to them.

The post Solar Panels at Risk of Cyber Attacks, warn Experts appeared first on Cybersecurity Insiders.


May 31, 2023 at 08:40PM

Tuesday, May 30, 2023

UberEats to use 2000 AI powered robots for delivery by 2026

Many technologists around the world are arguing that the use of AI technology might spell doom for mankind in the near future. Amidst such concerns of “risk of extinction,” UberEats has made an official statement that it plans to use over 2,000 AI-powered four-wheeled robots for delivery by 2025-26.

The delivery service will be available to customers via the app and will initially be restricted to about 16 cities. It will later expand and be offered in other parts of the United States, if all goes well.

A robotics firm named “Serve” will be working with the delivery giant and is ready to offer over 2,000 self-driving bots capable of carrying over 50 pounds of merchandise. These AI-powered machines can operate for 25 miles on a single charge, allowing them to deliver dozens of orders within a 5-8 hour time span at a speed of 3 miles per hour, even under adverse weather conditions such as heavy rain and snow.

Uber has made it clear that the service will be offered only to customers for whom the service is feasible, and it will be a contactless delivery experience. Customers will be able to open the box only through a passcode sent to their app at the time of delivery. The Serve-manufactured robot will then leave the customer’s premises after taking a picture of the customer along with the order through a camera integrated onto the touch-screen board.

Uber plans to increase the number of Serve Robots once the service gains the much-needed traction in the parcel delivery business. The company is also planning to introduce small-sized robots for the delivery of minor parcels.

The robot’s navigation will rely on Cartken’s artificial intelligence-based mapping technology, which can identify objects, vehicles, humans, and the geography of the location.

The post UberEats to use 2000 AI powered robots for delivery by 2026 appeared first on Cybersecurity Insiders.


May 31, 2023 at 10:50AM

Go Phish: How Attackers Utilize HTML Files to Evade Security

By Motti Elloul, VP Customer Success and Incident Response, Perception Point

Email phishing scams are nothing new. But they are growing increasingly prevalent and sophisticated – over 3 billion phishing emails are sent every day, and the tactics used to disguise them are only growing more devious.

One case in point: the Incident Response team from our company, Perception Point, recently discovered a new phishing campaign that uses HTML files to conceal malicious scripts, duping unsuspecting users into entering their credentials and divulging sensitive personal data.

This latest attack strategy underscores the importance of email security, acting as the first line of defense, and emphasizes how comprehensive solutions are required to detect and remediate extremely deceptive threats that arrive in enterprise users’ inboxes. These solutions can help take the onus off of employees, reducing the possibility of human error, though naturally they still must exercise general caution.

How the Attack Works

In this newly identified phishing scam, an attacker sends an email disguised as an urgent company-related payment request with an HTML attachment. Upon opening the HTML file, the user is redirected to a spoofed Microsoft login page, where they are prompted to enter their credentials.

Although this attack may seem like a typical phishing model, it is more clever than meets the eye, as it is capable of bypassing advanced detection methods. Here’s why.

When standard email security systems scan the HTML attachment, the only thing they typically lay bare is the Base64 encoded object. However, when the attachment was run through Perception Point’s solution, which dynamically scans 100% of content that other platforms may overlook, it was discovered that, once decoded, the object led to an SVG file encoded as a URL. Only upon decoding the file for a second time was an obfuscated script intended for credential theft exposed.

Pulling Back the Layers

Diving into the code, researchers on the Incident Response team managed to locate the source of the uploaded CSS as well as the obfuscated script on the URL that is meant for credential stealing. By going through each step of the attack, the team was able to obtain the first URL used in the script to determine where the payload was sent as well as its delivery method: they discovered that the attack was designed to send a POST request to the extracted URL before sending the victim’s credentials as a JSON (JavaScript Object Notation) format file.

Researchers further found that the variable marked ‘b’ in the attack had all the CSS base64 encoded. After delving into a few more decoded variables, the researchers discovered the HTML of the login. They then determined that at this point in the attack, the hacker would use a script for stealing the entered credentials utilizing a Base64 encoded “btype” variable. Although the URL address was revealed to be slightly incomplete after a round of decoding, researchers saw that the script would compensate by adding the letter ‘h’ to complete it. This made it suitable to host an obfuscated script with the expressed purpose of credential stealing.

Though the sophistication of this attack is alarming, there are likely countless others like it. Unfortunately, the majority of email security systems lack the capacity to peel back these complex layers.
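
The layering described above (Base64 object, then a URL-encoded SVG, then the script) can be checked statically by decoding each layer in turn and re-scanning the result. The Python scanner below is an added example, not code from Perception Point or from the campaign; the indicator names, the `example.invalid` host and both sample attachments are constructed for illustration.

```python
import base64
import re
from urllib.parse import quote, unquote

B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")  # long Base64-looking runs
PCT_ESC = re.compile(r"%[0-9A-Fa-f]{2}")           # percent (URL) escapes

# Indicator names are this example's own; patterns follow the article's description.
INDICATORS = {
    "svg_container": re.compile(r"<svg\b", re.I),
    "script_tag": re.compile(r"<script\b", re.I),
    "password_field": re.compile(r"type\s*=\s*[\"']?password", re.I),
    "post_request": re.compile(r"\bPOST\b"),
    "json_body": re.compile(r"JSON\.stringify"),
    "runtime_base64": re.compile(r"\batob\s*\("),
    # URL stored without its leading "h", completed by the script at run time
    "url_missing_h": re.compile(r"(?<![A-Za-z])ttps?://"),
}


def try_base64(blob):
    """Return the decoded text if blob is Base64 for readable UTF-8, else None."""
    try:
        padded = blob + "=" * (-len(blob) % 4)
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    readable = sum(ch.isprintable() or ch in "\r\n\t" for ch in text)
    return text if text and readable / len(text) >= 0.9 else None


def peel_layers(text, max_depth=6):
    """Return [(depth, encoding, text)] for the attachment and every decoded layer."""
    layers = [(0, "raw", text)]
    queue = [(0, text)]
    while queue:
        depth, current = queue.pop(0)
        if depth >= max_depth:  # bound the work on deliberately nested input
            continue
        if PCT_ESC.search(current):
            children = [("percent", unquote(current))]
        else:
            decoded = (try_base64(run) for run in B64_RUN.findall(current))
            children = [("base64", d) for d in decoded if d]
        for encoding, child in children:
            layers.append((depth + 1, encoding, child))
            queue.append((depth + 1, child))
    return layers


def analyze_attachment(html):
    """Report which indicators only become visible after decoding."""
    layers = peel_layers(html)
    first_seen = {}  # indicator -> shallowest layer where it is visible
    for depth, _encoding, text in layers:
        for name, pattern in INDICATORS.items():
            if pattern.search(text):
                first_seen[name] = min(depth, first_seen.get(name, depth))
    hidden = sorted(name for name, depth in first_seen.items() if depth > 0)
    return {
        "layers": [(depth, encoding) for depth, encoding, _ in layers],
        "first_seen": first_seen,
        "hidden": hidden,
        "suspicious": "script_tag" in hidden or "password_field" in hidden,
    }


def build_constructed_sample():
    """Constructed, inert attachment with the layering the article describes."""
    svg = ('<svg xmlns="http://www.w3.org/2000/svg"><script>'
           '/* constructed marker text for the scanner */ '
           'var u = "ttps://collector.example.invalid/c"; '
           '/* the described script prepends "h", then sends a POST '
           'with JSON.stringify(credentials) */</script></svg>')
    url_encoded = "data:image/svg+xml," + quote(svg, safe="")
    blob = base64.b64encode(url_encoded.encode()).decode()
    return ('<html><body><object data="data:text/html;base64,' + blob
            + '"></object></body></html>')


def build_benign_sample():
    """Constructed HTML with an inline image: Base64 that is not hidden markup."""
    image = base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(40)).decode()
    return '<html><body><img src="data:image/png;base64,' + image + '"></body></html>'


if __name__ == "__main__":
    for label, sample in (("constructed layered sample", build_constructed_sample()),
                          ("benign inline image", build_benign_sample())):
        report = analyze_attachment(sample)
        print(label, report["layers"], report["hidden"], report["suspicious"])
```

A scanner that stops at layer 0 sees only an opaque Base64 run in the first sample; the script tag and the truncated URL first appear at layer 2.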

Catch the Phish

There’s no telling how much more elusive these phishing threats will become – this newest attack campaign certainly won’t be the last of its kind. In fact, according to Perception Point’s latest Cybersecurity Trends Report, advanced phishing attacks skyrocketed by 436% in 2022.

While it still is good practice for employees to approach their email-based processes and tasks with caution and scrutiny, it is in their organization’s best interest to proactively deploy multi-layered security solutions such as those that harness image recognition technologies to detect even the subtlest of phishing scams. Organizations enjoy immediate support in preventing and remediating attacks by integrating incident response services into their cybersecurity solutions, effectively countering perpetrators of phishing attacks.

The post Go Phish: How Attackers Utilize HTML Files to Evade Security appeared first on Cybersecurity Insiders.


May 31, 2023 at 01:41AM

The Rush to SaaS Modernization Can Result in Reputational Damage

By Hananel Livneh, Head of Product Marketing, Adaptive Shield

Successful cyberattacks tend to hit companies with the force of an 80-foot wave. The initial damage is quickly apparent. Like ships that lose railings and experience instability, businesses are immediately faced with lost data, ransom payments, and revenue losses, depending on the nature of the attack.

It isn’t until later that the real damage can be assessed. Structural damage to the bow, aft, and bottom of the boat can render the ship unusable. Likewise, the damage to a company’s reputation can be severe.

Trust is one of the key elements in the customer relationship. When cyberattacks lead to data breaches and the publication of personal information, trust is eroded, resulting in additional fallout from the attack – the loss of customers.

These breaches can be a big deal. According to IBM’s Cost of a Data Breach Report 2022, the average company sees a $1.42M drop in business as a result of a breach. This lost business, ascribed to reputational damage, is often unrecoverable as customers move on to competitors who appear to be more careful with their data.

Most businesses understand that loss of confidence leads to eroding trust which turns into a loss of customers. What they fail to understand is that without proper security measures in place, the SaaS stack can be the target of an attack.

Breaching the SaaS App

SaaS applications are the darlings of the business world. They promise – and deliver – low-cost technology solutions that don’t require maintenance and can be used by anyone, anywhere. That’s why the SaaS market is projected to grow from $251 billion in 2022 to $883 billion by 2029.

However, there is a dark side to SaaS applications. The anytime, anywhere nature of SaaS apps coupled with collaborative tools makes them accessible to threat actors and vulnerable to breaches.

There are myriad ways threat actors can access a SaaS application: sophisticated phishing attacks on employees, keylogger malware on devices with poor hygiene, session tokens stolen from authenticated endpoints, and attempted entry via brute force attacks, to name just a few. Threat actors are constantly looking for new ways to gain access to the SaaS stack.

Malicious third-party applications can provide access to everything stored on the organization’s cloud-storage drive. Even non-malicious SaaS-to-SaaS access can be weaponized and provide threat actors with access.

Reputational Damage Impacts Every Vertical

Once SaaS applications are breached and data has been compromised, it is only a matter of time before the story hits the media because often, government mandates require disclosure. HIPAA laws require US healthcare facilities to notify prominent media outlets when breaches impact more than 500 patients. Financial Institutions are required to report certain data breaches within 36-72 hours. Proposed legislation would require publicly traded tech companies to disclose breaches within 4 business days.

The impact these disclosures have on companies is severe. Patients lose faith that their protected health information (PHI) is safe, while bank customers question their financial institution’s ability to secure their funds and tech stockholders invest their money in more reliable companies.

Customers often churn away from companies that are incapable of securing their data, leading to drops in market share and revenue. Vendors and partners tend to shy away from victimized companies, afraid to be associated with companies that are now notoriously poor with securing data and holding onto their secrets. Optus, Australia’s second largest telecom provider, saw 10% of their customers churn in the month after the attack, and surveys showed that 56% were considering changing their service provider in response to the attack.

Preventing a SaaS Disaster

Attempted SaaS breaches don’t have to end catastrophically. Most breaches are fully preventable. SaaS applications are remarkably secure, with an array of security settings fully capable of denying access to threat actors, but their security measures are only effective when deployed correctly.

Solutions like SaaS Security Posture Management (SSPM) platforms can prevent data breaches by identifying high-risk settings and alerting security teams when they need to be updated. They also review third-party connected apps, and detect threats before they become full-blown breaches. These automated platforms oversee the entire SaaS stack, rather than just a handful of top-priority SaaS apps.

While there are some activities that may limit the damage caused by a cyberattack, investing in SaaS security tools is the first step. SSPMs protect data as they detect threats, identify high-risk misconfigurations, and monitor risk from third party applications.

The post The Rush to SaaS Modernization Can Result in Reputational Damage appeared first on Cybersecurity Insiders.


May 31, 2023 at 12:59AM

Introduction to the purpose of AWS Transit Gateway

Introduction

Today you look at the Global/Multi-site Enterprise Security Architecture of an organization and see a myriad of concerns. Increased levels of complexity, difficulties managing multiple third parties, difficulties implementing consistent levels of security, and so on. This makes it imperative for organizations to identify opportunities to simplify, streamline, and generally improve their infrastructure wherever possible.

Managing the level of complexity is becoming increasingly difficult. Security may be only partially implemented, which is an ongoing challenge.

Terminology

  • AWS Region – a physical location around the world where we cluster data centers.
  • AWS Availability Zone (AZ) – one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region.
  • AWS Services – AWS offers a broad set of global cloud-based products, including compute, storage, database, analytics, networking, machine learning and AI, mobile, developer tools, IoT, security, enterprise applications, and more.
  • AWS Transit Gateway (TGW) – A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure.

Global/Multi-Site Enterprise Architecture

Many organizations are using Global/Multi-site with dated technology spread throughout data centers and networks mixed in with some newer technologies. This can include uncounted third parties as well. These sites often include multiple environments (like Dev, QA, Pre-Prod, and Prod) supported by numerous technologies spread across both physical and virtual servers, including databases, web, and application servers, and more.

Modifications can be challenging when integrating legacy with new technologies, and can sometimes require a static approach when completely redesigning existing infrastructure. Understandably, most organizations tend to shy away from exploring anything that seems like a significant upgrade or change. Thankfully, there are some solutions available that can substantially improve operations and infrastructure without the typical complexities and implementation challenges.

One such example is outlined below.

Figure: Example AWS Transit Gateway (TGW) Global Diagram

AWS Transit Gateway is a cloud-based tool that permits a simplified, secure networking approach for companies requiring a hybrid solution that can scale according to their global/multi-site enterprise business needs. The AWS Transit Gateway integrates with Palo Alto Security Devices, which helps to reduce the organization’s risk footprint.

AWS Transit Gateway architecture is used to consolidate site-to-site VPN connections from your on-premises network to your AWS environment and support connectivity between your team development and workload hosting VPCs and your infrastructure shared services VPC. This information will help you make a more informed decision as you consider the recommended approach of using AWS Transit Gateway.

AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.

As you expand globally, inter-region peering connects AWS Transit Gateways together using the AWS global network. Your data is secured automatically and encrypted; it never travels over the public internet, only on the AWS Global Network. Because of its central position, AWS Transit Gateway Network Manager has a unique view over your entire network, even connecting to Software-Defined Wide Area Network (SD-WAN) devices.

General tips

Data transfer charges apply based on the source, destination, and amount of traffic. Here are some general tips for when you start planning your architecture:

  • Avoid routing traffic over the internet when connecting to AWS services from within AWS by using VPC endpoints:
      • VPC gateway endpoints allow communication to Amazon S3 and Amazon DynamoDB without incurring data transfer charges within the same Region.
      • VPC interface endpoints are available for some AWS services. This type of endpoint incurs hourly service charges and data transfer charges.
  • Use Direct Connect instead of the Internet for sending data to on-premises networks.
  • Traffic that crosses an Availability Zone boundary typically incurs a data transfer charge. Use resources from the local Availability Zone whenever possible.
  • Traffic that crosses a regional boundary will typically incur a data transfer charge. Avoid cross-Region data transfer unless your business case requires it.
  • Use the AWS Free Tier. Under certain circumstances, you may be able to test your workload free of charge.
  • Use the AWS Pricing Calculator to help estimate the data transfer costs for your solution.

Use a dashboard to better visualize data transfer charges – this workshop will show how.

Cybersecurity

A Cybersecurity approach includes how to address a global enterprise architecture.

A collaborative approach permits meetings to review the global enterprise architecture/workflow.

Hold an introductory overview session to gather the preliminary information for each of the sections listed above and in relation to a phased/planned approach for introducing the AWS Transit Gateway. The phases can include compliance with standards such as NIST.

This extensive security approach would cover all the items listed in the prior sections and the required daily business workflows from end to end.

It spans global/multi-site security certificates, data at rest, data in transit, networks, firewalls/security devices, circuits, and communications. Topics include Strategies, Securing the Edge, Risk-based Cyber assessment, MTDR (Managed Threat Detection and Response), and Endpoint/Network Security.

In the future, we will review other Cybersecurity offerings with AWS Services and the reasons why a company would want to invest in AWS Transit Gateway.

Conclusion

AWS provides the ability to deploy across multiple Availability Zones and Regions. This allows organizations to reduce the complexity of their architecture, improve overall performance, and increase dynamic scalability. By streamlining networks and removing unnecessary middlemen, organizations can also improve overall security by reducing risks associated with having multiple vendors while also increasing operational oversight across their infrastructure.

This blog post provided information to help you make an informed decision and explore different architectural patterns to save on data transfer costs. AT&T Cybersecurity offers services to assist you in your journey. You can review the references listed below to gain additional perspective.

References & Resources

The post Introduction to the purpose of AWS Transit Gateway appeared first on Cybersecurity Insiders.


May 30, 2023 at 09:10PM

Things ChatGPT cannot but Google Bard can do

Google has released its new AI chat service, dubbed Bard, in over 180 countries, with 15 more to follow by the end of next month. Bard is a Google-owned service and a sure-shot competitor to the Microsoft-owned, OpenAI-developed ChatGPT service that can answer anything and everything.

But there’s more to the release of the Alphabet Inc. company, and here’s some knowledge to share about it:

1.) ChatGPT offers answers from its own data repository, but Google Bard can offer answers sieved from the internet, giving users a great chance to find relevant information.

2.) In the coming months, Bard will be integrated with Gmail, allowing users to write emails, search emails, and use it for multiple purposes. On the other hand, ChatGPT doesn’t allow integration with Gmail or its own Outlook.

3.) In its beta version, Bard allows users to import files from Gmail and Google Docs, making it easy for them to utilize the generated content.

4.) ChatGPT doesn’t allow voice prompts, but Google’s new chat-based service does, making it easy for users to inquire using their voice rather than the typical typing format.

5.) OpenAI’s chatbot, ‘ChatGPT,’ was trained to answer questions using the repository it built until September 2021. However, Bard can answer questions with the latest content generated until April this year, providing professionals and students with the latest information from the AI-based conversational chatbot.

6.) Bard can explain coding in about 20 programming languages as soon as the user shares a link. However, as ChatGPT is not connected to the internet, it cannot explain programs from a link.

NOTE: Bard is available in Korean, Japanese, and Indian Hindi languages and will soon support 40 more languages. However, the reliability factor is currently missing in both machine learning models.

The post Things ChatGPT cannot but Google Bard can do appeared first on Cybersecurity Insiders.


May 30, 2023 at 08:35PM

Monday, May 29, 2023

Cybersecurity news headlines trending on Google

MCNA, also known as Managed Care of North American Dental, has issued a statement on its website regarding a data breach it is currently experiencing, which has compromised the information of over 9 million patients. As the largest government-sponsored health insurance organization, MCNA states that its systems were possibly infiltrated on February 26th, 2023, but the breach was only identified by its IT staff in the first week of March this year.

The stolen information includes the full names, addresses, dates of birth (DoBs), contact numbers, email IDs, social security numbers, driving license details, health insurance plan details, insurance IDs, patient data such as the patients’ use of lenses, spectacles, and braces, as well as insurance claims history and bills.

The Maine Attorney General confirmed that the breach impacted approximately 8,923,662 patients, including their parents, guardians, and guarantors. The LockBit Ransomware gang has taken responsibility for the attack and has threatened to publish all the 1TB of data stolen from the incident if their ransom demand of $10 million is rejected.

The second piece of news was revealed by a security firm named Cyber Sentience. This firm, specializing in threat intelligence, stated that information related to access to the IT systems of New Zealand schools and tertiary institutes was being traded on certain websites on the dark web for a meager $500 USD.

Cyber Sentience issued a cautionary statement, informing that information related to 8 universities and login details for computer and email networks of over 556 school institutes were already being traded on the web.

The third news item relates to malware designed to disrupt power utility computer networks. Dubbed Cosmicenergy, the malware has the capability to steal and destroy information and applications running on the transmission and distribution network.

Russian intelligence is suspected to be behind the development of the malware, which shares similarities with previous versions with similar motives, such as Industroyer, which attempted to disrupt power grids in Ukraine in March 2022.

The post Cybersecurity news headlines trending on Google appeared first on Cybersecurity Insiders.


May 30, 2023 at 10:21AM

US Augusta City targeted by BlackByte Ransomware Group

The City of Augusta in the United States has been struggling to regain control of its computer network as hackers spread ransomware, reportedly stealing data and encrypting the database until a ransom is paid.

To substantiate their claims, the BlackByte ransomware group, responsible for the incident, has posted 10GB of sample data and threatened to release more if the victim fails to pay the demanded sum.

Mayor Garnett Johnson, the head of the city located in Georgia, stated that the attack was indeed a file-encrypting malware and that the staff is working around the clock to contain the malware’s spread and mitigate the associated risks.

Unfortunately, the Mayor of Augusta has lost contact with the gang, as they have chosen to conceal their whereabouts, suspecting that they might be tracked by law enforcement soon.

The Mayor of Augusta has not yet confirmed that the gang behind the incident is BlackByte and is unsure about the timeframe for data recovery.

However, technology news resource Bleeping Computer has confirmed the details about the gang, including the fact that they stole sensitive data such as payroll information, images of homeless people, tax information, contact details, addresses, contacts, and budget-related data. Additionally, the website also stated that the hackers’ ransom demand is $400,000, solely to delete the stolen information, and they have released a threatening statement that they will resell it for $300,000 if their demands are not heeded in time.

NOTE: BlackByte is a notorious gang of criminals known for engaging in double extortion attacks. The group is also known to target the same victim multiple times in a year if the victim fails to patch the vulnerabilities through which the previous infiltration occurred.

The post US Augusta City targeted by BlackByte Ransomware Group appeared first on Cybersecurity Insiders.


May 29, 2023 at 08:34PM

Sunday, May 28, 2023

Now ransomware hackers targeting backups for ransom pay assurance

A new study conducted by Veeam Software claims that hackers have shifted their focus towards backup storage appliances, as they provide assurance that the victim will definitely pay the demanded ransom amount.

According to Veeam’s 2023 Ransomware Trends report, one in 7 organizations has been infected with file-encrypting malware in the past year. Out of these organizations, at least 80% were forced to pay a ransom because their backup storage appliances were also encrypted by the malicious software, leaving them no choice but to comply with the hackers’ demands.

Interestingly, Veeam software also sheds light on the ransom payments made for cyber-attacks. It alleges that victims’ negligence in protecting their data from infiltrations creates a conducive environment for cybercriminals to wreak havoc in the online marketplace.

The Veeam survey also highlights the fact that paying a ransom does not guarantee recoverability, as threat actors never provide assurance that they will promptly return the decryption key upon receiving the ransom.

What if they demand more for the decryption key or fail to delete the stolen data in the case of double extortion attacks? What if they repeatedly target the same victim because they have found a way into the victimized network?

While Veeam, being a backup software provider, maintains a neutral opinion on those spreading ransomware, it is advisable not to pay a ransom to hackers. Instead, it is better to invest in technologies that offer on-site and off-site backup appliances, as well as cloud resources.

The post Now ransomware hackers targeting backups for ransom pay assurance appeared first on Cybersecurity Insiders.


May 29, 2023 at 10:13AM

Unleashing the Power of AI with Caution: Understanding Cybersecurity Risks

Artificial Intelligence (AI) has emerged as a game-changer, revolutionizing industries and transforming the way we live and work. However, as AI continues to advance, it brings with it a new set of cybersecurity risks and challenges. In this blog, we will delve into the potential risks associated with AI and the importance of implementing robust cybersecurity measures to safeguard against these threats.

 

AI’s Vulnerabilities:

AI systems are not immune to vulnerabilities and can be exploited by cybercriminals. One major concern is adversarial attacks, where malicious actors manipulate AI models by injecting subtle modifications into input data, causing the system to make incorrect or biased decisions. These attacks can have significant consequences in various domains, such as autonomous vehicles, medical diagnosis, or financial systems.

 

Data Poisoning and Manipulation:

AI models heavily rely on vast amounts of data for training and decision-making. However, if the training data is compromised or poisoned, it can lead to biased outcomes or erroneous predictions. Cyber attackers can intentionally manipulate training data to trick AI systems into making incorrect decisions, potentially resulting in serious consequences. Protecting the integrity and quality of training data is crucial to prevent these types of attacks.

 

Model Theft and Replication:

AI models are valuable assets, representing significant investments in time, resources, and expertise. Sophisticated attackers may attempt to steal or replicate AI models to gain a competitive advantage or exploit their capabilities for malicious purposes. Safeguarding the intellectual property and proprietary algorithms behind AI models is vital to prevent unauthorized access and misuse.

 

Privacy and Ethical Concerns:

AI systems often process vast amounts of personal and sensitive data, raising concerns about privacy and ethical implications. Inadequate security measures or vulnerabilities in AI systems can result in data breaches, leading to the exposure of personal information and potential privacy violations. Ensuring robust data protection mechanisms, such as encryption and access controls, is essential to maintain user trust and comply with privacy regulations.

 

Lack of Explainability and Accountability:

AI models, particularly those based on deep learning techniques, can be opaque and difficult to interpret. This lack of explainability poses challenges when it comes to understanding the reasoning behind AI-driven decisions. In critical sectors like healthcare or finance, the inability to explain AI’s decision-making process may lead to distrust and hinder accountability. Balancing transparency and performance in AI models is crucial to ensure responsible and accountable AI applications.

 

Mitigating AI Cybersecurity Risks:

To mitigate the cybersecurity risks associated with AI, organizations must adopt proactive measures:

  • Robust Security Infrastructure: Implement comprehensive security measures to protect AI systems, including secure development practices, regular vulnerability assessments, and robust access controls.
  • Adversarial Training: Train AI models to recognize and withstand adversarial attacks by exposing them to carefully crafted malicious inputs during the training phase.
  • Data Governance: Establish strict data governance policies to ensure the integrity and quality of training data, including data validation, data lineage tracking, and monitoring for data poisoning attempts.
  • Continuous Monitoring and Response: Implement real-time monitoring and detection systems to identify anomalies, potential attacks, or unauthorized access to AI systems. Develop incident response plans to mitigate and contain any breaches or attacks swiftly.
  • Collaboration and Industry Standards: Foster collaboration between AI researchers, industry experts, and policymakers to establish best practices, guidelines, and standards for AI cybersecurity.
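
The Data Governance item above (data validation, lineage tracking, monitoring for poisoning) can be made concrete with two checks run before every training job: a per-record hash manifest, and a label-consistency test. This Python code is an added example, not from the article; the k-nearest-neighbour label check is this example's choice of technique, and the dataset and record layout are constructed.

```python
import hashlib
import json
import math


def record_digest(record):
    """SHA-256 over canonical JSON, so any feature or label change is visible."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_manifest(dataset):
    """Lineage manifest taken when the dataset is approved: id -> digest."""
    return {rec["id"]: record_digest(rec) for rec in dataset}


def diff_against_manifest(dataset, manifest):
    """Compare the data about to be trained on with the approved manifest."""
    current = build_manifest(dataset)
    return {
        "modified": sorted(i for i in current if i in manifest and current[i] != manifest[i]),
        "added": sorted(i for i in current if i not in manifest),
        "removed": sorted(i for i in manifest if i not in current),
    }


def suspicious_labels(dataset, k=3):
    """Flag records whose label disagrees with the majority of their k nearest
    neighbours. This also works when no trusted manifest exists yet."""
    flagged = []
    for rec in dataset:
        others = [o for o in dataset if o["id"] != rec["id"]]
        others.sort(key=lambda o: (math.dist(rec["features"], o["features"]), o["id"]))
        votes = [o["label"] for o in others[:k]]
        majority = max(sorted(set(votes)), key=votes.count)
        if majority != rec["label"]:
            flagged.append(rec["id"])
    return flagged


def constructed_clean_dataset():
    """Constructed data: two well-separated clusters, one per class."""
    low = [(0, 0), (0, 1), (1, 0), (1, 1), (0.5, 0.5)]
    high = [(10, 10), (10, 11), (11, 10), (11, 11), (10.5, 10.5)]
    points = [(p, 0) for p in low] + [(p, 1) for p in high]
    return [{"id": i, "features": list(p), "label": y}
            for i, (p, y) in enumerate(points)]


def constructed_poisoned_copy(clean):
    """Constructed tampering: one flipped label and one injected record."""
    poisoned = [dict(rec) for rec in clean]
    poisoned[3]["label"] = 1
    poisoned.append({"id": 10, "features": [10.2, 10.8], "label": 0})
    return poisoned


if __name__ == "__main__":
    clean = constructed_clean_dataset()
    manifest = build_manifest(clean)
    incoming = constructed_poisoned_copy(clean)
    print("manifest diff:", diff_against_manifest(incoming, manifest))
    print("label outliers:", suspicious_labels(incoming))
```

The manifest catches changes made after approval; the neighbour check is the fallback for data that was already tampered with when it was first collected.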

As AI continues to revolutionize industries and drive innovation, it is crucial to acknowledge and address the associated cybersecurity risks. By understanding and proactively mitigating these risks, we can unlock the full potential of AI while ensuring the safety, privacy, and integrity of our systems and data. Implementing robust cybersecurity measures and promoting responsible AI practices will pave the way for a secure and trustworthy AI-driven future.

The post Unleashing the Power of AI with Caution: Understanding Cybersecurity Risks appeared first on Cybersecurity Insiders.


May 28, 2023 at 06:48PM

Friday, May 26, 2023

Insider threat leads to Tesla data breach

A Tesla employee has reportedly stolen about 100GB of data related to the automaker and handed it over to a media company, which has now released a portion of the details. According to the German media resource Handelsblatt, the leaked information from the Tesla Files includes sensitive details related to 100,000 names of current and former employees, including the social security number of Tesla CEO Elon Musk and his itinerary for the next few months.

It is unclear how the employee got hold of the data and whether he/she was coaxed to do so by the company in exchange for monetary benefits.

Cybersecurity Insiders has learnt that the employee, who was shown the door a few weeks back, might have downloaded the information file and might have sold it to the news resource for a fat pay cheque. Presumably, the leaked info includes 1400 PDF files, 1015 Excel sheets, 213 PowerPoint presentations and 1000s of customer complaints related to auto-pilot cars.

Concerningly, the siphoned data also includes customer information where one can easily track down the details of a customer by just typing the VIN of a purchased Tesla model, mainly auto-pilot and autonomous cars.

What if the Tesla data leak reaches some evil minds who use various hacking techniques to take control of the purchased models?

Joseph Alm, the leader of the Legal Counsel Litigation, Tesla, Inc, said that the company was aware of the incident and is busy investigating it deeply to unravel the Tesla information leak.

As the electric car maker failed to safeguard the information of its customers and employees, the Dutch data watchdog is planning to investigate the Tesla data breach through a special team comprising senior law enforcement authorities of the Netherlands and might slap a heavy penalty if the firm is found guilty.

The post Insider threat leads to Tesla data breach appeared first on Cybersecurity Insiders.


May 26, 2023 at 08:41PM

Will AI technology change our lives to good or bad

The impact of AI technology on our lives is a complex and multifaceted topic. It has the potential to bring both positive and negative changes, depending on how it is developed, implemented, and regulated. Here are some key considerations:

Positive Impacts

Increased Efficiency and Productivity: AI has the potential to automate repetitive tasks, allowing humans to focus on more complex and creative endeavors. This can lead to enhanced productivity and efficiency in various industries.

Advancements in Healthcare: AI can aid in the diagnosis and treatment of diseases, enabling earlier detection and personalized medicine. It can also assist in medical research, drug discovery, and the development of more effective treatment methods.

Enhanced Safety and Security: AI technologies, such as facial recognition and predictive analytics, can contribute to improved security systems and crime prevention. It can help identify potential risks and enhance public safety measures.

Personalized Experiences: AI-powered algorithms can analyze vast amounts of data to provide personalized recommendations, services, and experiences. This can enhance customer satisfaction and tailor products and services to individual needs.

Negative Impacts

Job Displacement: As AI automates certain tasks, there is a concern that it could lead to job losses or shifts in employment opportunities. Industries that heavily rely on manual or repetitive work may be particularly vulnerable.

Ethical Considerations: AI raises ethical concerns such as privacy invasion, algorithmic bias, and the potential for misuse of AI-powered technologies. It is crucial to address these issues through robust regulations and ethical frameworks.

Social Inequality: The deployment of AI systems could exacerbate existing social inequalities if access to and benefits from AI technologies are not distributed equitably. It is essential to ensure that AI is inclusive and accessible to all segments of society.

Dependence and Unintended Consequences: Overreliance on AI systems without proper safeguards or human oversight could lead to unintended consequences or vulnerabilities. It is vital to strike a balance between the capabilities of AI and human judgment.

Ultimately, whether AI technology changes our lives for good or bad depends on how we navigate these challenges. By fostering responsible AI development, addressing ethical concerns, and ensuring equitable access, we can harness the potential of AI to bring positive and transformative changes to society while mitigating any negative impacts.

The post Will AI technology change our lives to good or bad appeared first on Cybersecurity Insiders.


May 26, 2023 at 11:11AM

Thursday, May 25, 2023

AI demand accelerates NVIDIA market value to $1 trillion

NVIDIA’s market value is set to soar to an impressive $1 trillion by the end of this year, driven by the rising demand for processors in the Artificial Intelligence (AI) technology sector.

With sales reaching a record-breaking $11 billion and a remarkable premarket trading value surge of 29% in recent months, NVIDIA owes its success to the immense demand for silicon wafers in the computing market, particularly in the realm of machine learning.

Experts in the trading industry anticipate that the Santa Clara-based company will soon join the exclusive club of trillion-dollar companies, alongside tech giants like Alphabet, Apple, and Microsoft, who have already achieved this remarkable milestone.

Jensen Huang, the CEO and Founder of NVIDIA, expressed his belief that data centers worldwide are on the brink of an extraordinary transformation due to the rapid advancements in AI technology. In response to this, NVIDIA is determined to cater to the industry’s needs by introducing innovative processors that operate at speeds tens and thousands of times faster, keeping up with the ever-evolving AI algorithms.

However, there are concerns regarding the unrestrained development of AI technology without proper limitations and legal boundaries. Eric Schmidt, former CEO of Google, warns against the potential misuse of smart AI-enabled products, suggesting they could be used for harmful purposes. His views echo those of Elon Musk, the CEO of Tesla and Twitter.

The post AI demand accelerates NVIDIA market value to $1 trillion appeared first on Cybersecurity Insiders.


May 26, 2023 at 11:04AM

Happy Mother’s Day! Serving, surviving, and thriving as a mom with a cyber career

Being a mother and working in cybersecurity necessitates unique skillsets. As mothers, we understand time management, communication, and positive reinforcement. We emphasize the value of clear instructions and providing positive reinforcement. Mothers possess the capacity to remain calm and composed in any circumstance, while also possessing the skillset needed to coach, teach, or evaluate a situation. We excel at active listening which gives us an in-depth comprehension of any issue at hand.

Ultimately, mothers make invaluable assets to the cybersecurity field. We understand the necessity of prioritization and how to make the most out of any situation. We recognize that we cannot have it all at once, but together we can achieve a healthy work/life balance by delegating or outsourcing where feasible. Together, we can secure our futures – both at home and at work – by taking steps towards security today and tomorrow.

Prioritization

Prioritization is an integral element of cybersecurity. Organizations use it to prioritize tasks and resources, detect potential vulnerabilities, take immediate action to reduce the risk of attack, set achievable goals, and stay motivated towards achieving those objectives. By prioritizing their efforts, companies can guarantee their networks and data remain fully safeguarded.

Prioritization helps organizations identify which potential threats and risks are the most critical, so they can act on those first. Prioritizing also helps organizations allocate their resources efficiently to tackle the most pressing concerns. By adopting a proactive cybersecurity approach, companies can better safeguard their data, systems, and networks from malicious actors.

Investments in Cybersecurity

When it comes to prioritizing investments in cybersecurity, we understand the critical need for organizations to have adequate resources and technology to protect networks and data. Investing in advanced technology can help organizations stay ahead of threats while providing protection from current ones. Furthermore, investing in training, awareness, and incident response programs helps organizations remain prepared and mitigate any potential risks.

Prioritizing alerts in cyber operations requires organizations to make sure they receive essential information quickly. We believe organizations must be alerted when suspicious activity is detected and be able to act swiftly. Furthermore, organizations must assess potential risks and mitigate them as quickly as possible.

Finally, we understand the criticality of prioritizing active response, risk mitigation, customers, and people – not to mention brand and reputation. Organizations should create a comprehensive active response plan tailored specifically to their requirements. Additionally, we recognize the significance of understanding and managing risk; organizations should prioritize their customers, people, zero trust, brand and reputation to guarantee maximum security.

Overall, mothers can be invaluable resources in this field of cybersecurity. We understand the critical role prioritization plays and how to maximize any situation. By prioritizing investments, alerts, active response plans, risk assessments, customers and people issues as well as zero trust policies – not to mention brand and reputation protection – we can create a cybersecurity strategy that safeguards our organizations from malicious attacks.

The post Happy Mother’s Day! Serving, surviving, and thriving as a mom with a cyber career appeared first on Cybersecurity Insiders.


May 25, 2023 at 09:09PM