Your Daily Decrypt

8/11/2023 - Today’s news and insights for cybersecurity pros and leaders

📸 Cybersecurity Snapshot

Here are some key Linux commands for cybersecurity, covering everything from network scanning to user management in one concise chart.

📰 Top Stories 

Summary

What are AMD Inception and Intel Downfall? Two new chip vulnerabilities that have led to the release of Linux security patches.

How Do They Work? AMD Inception and Intel Downfall are speculative side-channel attacks leading to privileged data leakage to unprivileged processes. Inception targets AMD's Zen 3 and Zen 4 architectures, while Downfall affects Intel Core processors from the 6th to 11th generation.

Impact on Users: AMD believes Inception is only potentially exploitable locally, but researchers warn it could be used in cloud computing. Intel's Downfall can be used to steal security keys and passwords and has a significant performance impact.

Linux's Response: Linux creator Linus Torvalds released patches to address both vulnerabilities. AMD patches were refined by an Intel-affiliated developer, reflecting the open-source community spirit. Patches have been incorporated into various Linux versions, including Long-Term Support (LTS) series kernels.

Advice for Users: Users should be prepared to install new microcode and follow up with Linux system patching. The impact will be more significant for servers and clouds.

Why it’s important to you

Potential Threat to Systems Security: Both AMD Inception and Intel Downfall vulnerabilities represent considerable risks to the security of both personal and cloud-based systems, requiring immediate attention.

Performance Considerations: The fix for Intel's Downfall may cause up to a 50% overhead, though Linux's slowdown may not be as severe. It's essential to be aware of the performance implications of the patches.

Necessity for Timely Patching: With the patches readily available, timely updates are crucial to avoid potential exploits, especially for servers and cloud systems running Linux.

Summary

What's Happening with Generative AI Bans? Three-quarters of global businesses are implementing or considering bans on generative AI applications like ChatGPT within the workplace. According to a Blackberry survey, 61% view these bans as long-term or permanent.

Why the Bans? Concerns about data security, privacy, corporate reputation, and potential cybersecurity threats are driving these decisions. The survey found 83% of IT decision makers believe unsecured generative AI poses a threat to corporate IT, leading to an inclination toward complete bans.

Opportunities and Risks of Generative AI: While recognizing the potential for generative AI to enhance efficiency (55%), innovation (52%), and creativity (51%), businesses are also grappling with the need to implement specific security policies to address the growing adoption of this technology.

What Should Organizations Do? A cautious, yet dynamic approach is recommended by experts, with the development of business-aligned security policies that support technology adoption without stifling innovation.

Connection to OWASP Top 10 for LLMs: The data comes after the OWASP's publication on the key security challenges with large language models (LLMs), further emphasizing the need for appropriate measures.

Why it’s important to you

Understanding the Shifting Landscape: The growing trend of banning generative AI applications in the workplace reflects a complex balance between seizing technological opportunities and managing associated risks.

Implications for Cybersecurity: With the majority of businesses concerned about the cybersecurity threat posed by unsecured generative AI, the need for a measured, strategic approach to incorporating this technology is paramount.

Consideration for Innovation and Business Strategy: A well-crafted policy approach ensures that innovation and business potential are not quashed, requiring a focus on visibility, monitoring, and management of applications.

Summary

What is OpenAI's New Project? OpenAI is preparing to launch a new web crawler, internally known as 'GPTBot' or 'GPT-5,' aimed at enhancing data-gathering capabilities from the internet. The crawler is a versatile data scraper designed to quickly navigate the web.

Why is OpenAI Developing This? This move aligns with OpenAI's goal of expanding accessibility and AI capabilities. The new web crawler will amplify OpenAI's access to diverse and relevant data sources, enriching the user experience across various applications.

Reactions and Considerations: The announcement has generated excitement and curiosity within the tech community, with discussions on platforms like Hacker News focusing on the potential capabilities, technical nuances, and ethical considerations of the technology.

Potential Impact: The introduction of GPTBot could revolutionize data scraping and synthesis, further solidifying OpenAI's standing as a trailblazer in the AI landscape.

Why it’s important to you

Insight into Cutting-Edge AI Development: OpenAI's new web crawler represents an innovative step in AI-driven data aggregation, offering a glimpse into the future of information retrieval and knowledge synthesis.

Consideration of Ethical Implications: The project raises questions about balancing data acquisition with privacy concerns, reflecting broader challenges in the responsible development and deployment of AI technologies.

Potential Revolution in Data Scraping: GPTBot's ability to rapidly navigate the complex web terrain could be a game-changer in various AI applications, emphasizing the ongoing evolution of AI capabilities.

🚨 Threat Alerts

Summary

The New Threat: "Downfall" Vulnerability in Intel Core Processors (CVE-2022-40982): Several Intel Core processors, including those in desktop computers, laptops, tablets, and cloud servers, are susceptible to a new class of attacks called "Downfall." The vulnerability is tied to memory optimization features in Intel processors, unintentionally revealing internal hardware registers to software, enabling unauthorized access to sensitive data.

Two Exploitation Techniques: Research scientist Daniel Moghimi at Google discovered two exploitation techniques - Gather Data Sampling (GDS) and Gather Value Injection (GVI) - that can be used to steal sensitive information, including AES keys and Linux kernel data. The GDS technique is considered highly practical and can bypass OS, virtual machine isolation features, and previously implemented mitigations.

Affected Processors and Solutions: Processors from the Skylake, Tiger Lake, and Ice Lake families are affected, while newer generations block the attacks. Intel has released a microcode update to prevent the attack, and various companies such as Citrix, AWS, Google, VMware, and Debian have issued security bulletins with fixes.

Implications for Other CPU Vendors: Moghimi's findings could have broader implications for other CPU vendors, even though each vendor implements the hardware differently. Preliminary tests on AMD Zen2 showed no data leaks, but further investigations are planned.

Other Recent CPU Attacks: The report also mentions recent attacks against CPUs, such as Zenbleed affecting AMD Zen2 CPUs and Inception against AMD processors, both of which have mitigation strategies in place.

Why it’s important to you

Potential Risk to Your Devices: If you or your organization utilize devices with the affected Intel Core processors, you may be at risk of data theft and unauthorized access.

Immediate Action Required: Updating to the latest firmware provided by the system manufacturer is recommended to address these issues. Intel has released a microcode update to block the attacks, and other companies have also implemented fixes.

Insight into Evolving Cyber Threat Landscape: Understanding the nature of the "Downfall" attacks and other CPU vulnerabilities highlights the evolving nature of cyber threats and emphasizes the importance of vigilance and regular updates in maintaining cybersecurity.

Summary

Hardcoded Encryption Key Flaw in Dell's Compellent Integration Tools for VMware (CVE-2023-39250): A significant vulnerability has been found in Dell's Compellent Integration Tools for VMware (CITV), where a hardcoded AES encryption key can allow attackers to decrypt stored vCenter admin credentials and retrieve them in cleartext.

How It Works: The flaw is due to a static AES key shared across all installs of the software, which encrypts the vCenter credentials stored in the program's configuration file. Researchers at LMG Security discovered that the key is identical for all Dell customers, making it possible for an attacker to decrypt the configuration file and access the encrypted password.

Impact and Risk: The flaw exposes VMware vCenter admin credentials, potentially giving unauthorized users access to sensitive data and systems. The vulnerability could be exploited by rogue insiders or attackers with access to Dell CITV.

Response from Dell: Dell was informed about the discovery on April 11th, 2023, and initially dismissed the report before promising to roll out a fix by November 2023. Following the public disclosure of the flaw, Dell shared an advisory that suggests changing the root password of Compellent devices as a mitigation. However, the effectiveness of this recommendation is still unclear.

Why it’s important to you

Potential Security Risk for Enterprises: If your organization uses Dell's Compellent Integration Tools for VMware, this vulnerability poses a serious security risk that could lead to unauthorized access to admin credentials.

Immediate Action Required: While Dell has suggested changing the root password of Compellent devices, further guidance and a clear solution are needed. Stay updated on Dell's response and follow any recommended mitigation strategies to protect your systems.

Highlighting Security Practices: This discovery underscores the importance of avoiding hardcoded keys and promoting good security practices within software development. Similar hardcoded keys were discovered in other vendors' products in the past, emphasizing a common issue in the industry.

Summary

What is GTP in Mobile Networks? GTP (GPRS Tunnelling Protocol) is a vital mobile network protocol that can be exploited for intercepting sensitive user data, engaging in fraudulent activities, or disrupting network services.

How Attackers Exploit GTP: The SecurityGen report found that 77% of networks had no cyber-security measures against GTP-based attacks. Weaknesses such as subscriber information disclosure, fraudulent activity, targeted attacks on subscribers, denial-of-service attacks, and user traffic interception were found across the networks assessed.

Lack of Functional GTP Firewall: No network was found to have an active, properly configured GTP firewall, which could significantly improve security.

Need for Comprehensive GTP Protection: The report emphasizes robust GTP protection strategies, including GTP firewalls, GSMA-recommended protections, intrusion detection systems, and regular monitoring.

Why it’s important to you

Highlighting Critical Vulnerabilities in 5G and LTE Networks: SecurityGen's report provides a detailed view of the vulnerabilities within the GTP protocol, especially in the context of growing 5G networks.

Implications for Network Security: The findings indicate a significant lack of robust security measures, exposing networks to various threats.

Calling for Immediate Action: The interconnected nature of 3G, 4G, and 5G networks and the risks associated with GTP vulnerabilities require immediate action from operators and the wider telecom industry to secure the interconnected digital future.

⚖️ Regulatory Updates

Summary

What is New York's Cybersecurity Strategy? Governor Kathy Hochul has announced New York State's first comprehensive cybersecurity strategy, aiming to protect critical infrastructure and residents' personal data from cyber threats.

Key Strategic Pillars:

  1. Operating State Networks Securely: Ensuring the resilience and security of New York state's networks.

  2. Collaboration with Stakeholders: Working together with key stakeholders, including private sectors owning most of the state's critical infrastructure.

  3. Regulating Critical Industries: Implementing regulations to protect vital industries.

  4. Communicating Cybersecurity Guidance: Offering advice and guidance on cybersecurity matters.

  5. Growing the Cybersecurity Workforce: Developing New York's cybersecurity workforce and economy.

Previous Steps and Investments: The strategy builds on previous actions like establishing a Joint Security Operations Center, appointing the state's first chief cyber officer, and allocating funds to strengthen local government systems and protect manufacturing and critical infrastructure.

Why it's Crucial: With over 25,000 New Yorkers falling victim to cybercrime last year, resulting in $777 million in losses, and the state's vital role as an economic and financial center, New York is a prime target for nation-state threat actors and criminal hackers.


Why it’s important to you

A Model for Statewide Cybersecurity: New York's comprehensive strategy could set a precedent for other states, offering a cohesive approach to cybersecurity that involves collaboration between public and private sectors.

Emphasis on Protecting Critical Infrastructure: The strategy highlights the importance of safeguarding essential services, impacting various sectors and industries.

Growing Focus on Cybersecurity Investments: The state's significant financial commitments reflect a broader trend of governments recognizing the necessity of investing in cybersecurity, which might influence policies and budgets in other regions.

Impact on Local Communities: The strategy underscores the risks to local communities and the need for adequate protection measures, including cyber insurance, something that could be relevant to municipalities and local governments elsewhere.

Summary

11 Wall Street Firms Fined for Using WhatsApp: Fined $549 million for using unauthorized communication channels like WhatsApp and Signal to conduct business.

North Korean Hackers Breached Russian Missile Maker: North Korean hackers targeted Russian rocket design firm NPO Mashinostroyeniya, implanting backdoors into their systems.

Ivanti Backtracked on Bug Assessment: Flaw in Endpoint Manager Mobile tool affects all versions, not just a few as initially stated.

Ransomware Attacks Cost Manufacturers $46B: The manufacturing sector suffered heavy losses from ransomware attacks between 2018 and July 2023.

Cyberattack Shuts Down Gemini North Observatory: Observations were suspended at the telescope in Hawaii following a detected cyberattack attempt.

Ad Fraud Targets Android Users: Adware campaign targeting Korean Android users discovered, involving 43 rogue apps.

British Columbia Healthcare Workers' Personal Info Breached: Personal data of thousands of healthcare workers may have been compromised in a significant breach.

Why it’s important to you

Widespread Cybersecurity Threats: The roundup highlights various forms of cyber threats targeting different sectors and technologies, reflecting the complex landscape of cybersecurity.

Implications for Various Industries: The breaches and attacks mentioned in the article reveal vulnerabilities that may be present in your organization's industry, requiring awareness and preparedness.

Emphasizing Proactive Security Measures: The array of incidents underscores the need for robust security protocols, constant monitoring, and collaboration across sectors to thwart cyber threats.

👀 Curated Finds

Summary

What Happened at Black Hat USA's Keynote? Maria Markstedter, founder of Azeria Labs, opened Black Hat USA with a keynote focusing on the promise and perils of AI, warning that AI language models need supervision like "troubled teenagers."

Emerging Army of Autonomous AI Bots: Markstedter spoke about a likely emerging trend of autonomous AI bots, comparing current AI technology to the insecure first-generation iPhone. She expressed concerns about an AI arms race that neglects security and safety.

Generative AI and Multimodal AI Models: Today's AI, dominated by generative models, is unimodal, analyzing one input at a time. The next big push in AI, according to Markstedter, is autonomous AI agents that can process multimodal data inputs, pulling information from various sources like text, audio, and visual data.

Risks and Challenges: The more data sources an AI system pulls from, the greater the risk of corruption and malicious manipulation. The rise of machine learning as a service and the quest for truly autonomous AI agents will require a reexamination of access management and data security.

Call to Action for the Cybersecurity Community: Markstedter challenged the community to develop tools for decompiling and reverse-engineering AI, rethink identity access management, and seriously consider the implications of autonomous AI agents within enterprises.

AI Cyber Challenge Announcement: Perri Adams, program manager for DARPA’s Information Innovation Office, announced the AI Cyber Challenge (AIxCC), a competition to drive AI innovation in cybersecurity.

Why it’s important to you

Understanding the Evolving Landscape of AI: Markstedter's insights shed light on the rapid development of AI technology, its potential, and the accompanying risks, particularly as AI becomes more autonomous.

Implications for Cybersecurity: The keynote underscores the need for vigilance, innovation, and adaptability in cybersecurity, as AI continues to evolve and integrate into various facets of business and technology.

Future of AI and Security Protocols: The shift toward multimodal and autonomous AI agents demands new tools, methods, and considerations within the cybersecurity community, marking a pivotal moment in technological advancement.

Summary

What Happened in Israel? Bobi Gilburd, Chief Innovation Officer at Team8 and former commander of the 8200 unit’s Cyber Center, commented on the recent ransomware attack on Mayanei Hayeshua hospital in Israel. He explained that such attacks are common and what sets organizations apart is their response and recovery.

The Role of Generative AI in Ransomware Attacks: Gilburd noted that AI, particularly generative AI, is transforming the landscape of cyber threats, making phishing emails and other deceptive tactics more convincing. However, he emphasized that AI is also the key to countering these evolving threats.

Anatomy of a Ransomware Attack: The process starts with phishing, often via email, and can be followed by a spreading attack if the first lines of defense fail. The ransomware encrypts data, leading to a ransom demand. The response varies depending on defenses like hot backup systems and the willingness to pay the ransom.

Generative AI's Changing Game: With tools like ChatGPT, phishing emails can be drafted in any language, appearing human-crafted. Even voice and video synthesis are becoming possible, intensifying human vulnerability.

AI as a Solution and Defense Strategy: Gilburd argued that the solution to AI-driven attacks is AI itself, and that cybersecurity companies must leverage AI capabilities. He also highlighted how AI disrupts the traditional asymmetry between attackers and defenders, offering new capabilities to the latter.

Israel's Preparedness: While acknowledging room for improvement, Gilburd expressed satisfaction with Israel's awareness and evaluation of national infrastructure protection, citing the experience within the National Cyber Directorate.

Why it’s important to you

Insight into Modern Cyber Threats: The discussion with Gilburd offers valuable insights into how generative AI is shaping modern cyber threats and defenses, highlighting both the challenges and opportunities presented by AI in cybersecurity.

Understanding the Dynamics of Ransomware Attacks: The detailed breakdown of a ransomware attack's anatomy, from inception to resolution, provides a comprehensive view of the steps, vulnerabilities, and countermeasures involved.

Implications for Cybersecurity Strategy: The emphasis on AI as both a threat and a solution underscores the need for proactive adaptation and the integration of AI-enhanced security products to counter evolving threats.



Thank you 🙏
Ali Abidi