NSA Wants to Protect America's AI Edge

PLUS: Rich Pickings at the Network Edge

Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray. It's supported by the Cyber Initiative at the Hewlett Foundation and this week's edition is brought to you by Proofpoint.

You can subscribe to an audio version of this newsletter as a podcast by searching for "Risky Business News" in your podcatcher or subscribing via this RSS feed. Find this edition here and on Apple podcasts:

A spy in a data centre, Stable Diffusion

The US National Security Agency (NSA) is creating a new Artificial Intelligence Security Center to develop secure AI for use in defence and national security. The Center will also work to maintain the US's AI advantage by protecting against intellectual property (IP) theft.

The Director of NSA and US Cyber Command, General Paul Nakasone, announced the creation of the new centre in a speech at the National Press Club in Washington DC.

In his speech Nakasone pithily described AI security as "about protecting AI systems from learning, doing and revealing the wrong thing", before listing some goals of the new centre:

The AI Security Centre will become NSA's focal point for leveraging foreign intelligence insights, contributing to the development of best practices, guidelines, principles, evaluation methodology and risk frameworks for AI security. With an end goal of promoting the secure development, integration and adoption of AI capabilities within our national security systems and our defence industrial base.

The AI Security Center will also help industry understand the threats against their intellectual property and collaborate to help prevent and eradicate threats.

The AI Security Center will work closely with US industry, national labs, academia, across the IC and Department of Defense and select foreign partners.

In other words, helping develop secure AI that contributes to national security, while stopping other countries stealing the technology (looking at you, China).

What Nakasone has announced seems fair enough. Bringing the NSA's AI efforts together in a place where the organisation can more easily collaborate with external partners is a good move.

We also agree with Nakasone that AI security is "principally a cyber security responsibility". Making AI secure may require new tools and techniques, but traditional cyber security  methodologies and thought processes will be transferable when developing AI security frameworks.

The assumption underpinning the launch of the AI Security Center is that AI will transform defence, national security and other industries and sectors. But Nakasone isn't blinded by AI hype and his action in creating the centre is informed by NSA's homework on the field. In early September Nakasone revealed that the NSA had recently developed a roadmap sketching out how the organisation could take advantage of AI.

Speaking at the Billington Cybersecurity Summit, Nakasone said NSA already used AI, "primarily within our signals intelligence mission", and the roadmap had also looked at potential uses within its cyber security mission. And the NSA found these technologies could have "tremendous impact" on the agency's business functions such as compliance and HR, for example.

Governments worldwide are concerned about AI and it regularly appears on lists of critical technologies, including those kept by governments in the UK and Australia. There are also reasons to be particularly concerned about AI. Just this week, the European Commission formally identified AI as one of four technology areas that were not only critical for economic security but were also particularly 'risky'.

The Commission identified AI, advanced semiconductors, biotechnology and quantum technology as particularly concerning, because they are 'dual-use', meaning they could be used for civil and military applications and to undermine or violate human rights.

So Nakasone is doing what he can to make NSA's efforts to protect AI in defence and national security as effective as possible. That's good, and the NSA is well placed to contribute to the US government's broader strategic goals of safe and secure AI.

There's more that can be done here, though, outside Nakasone's purview.

When it comes to protecting AI IP, for example, the NSA is well placed to provide advice and even prevent cyber espionage. However, the PRC doesn't restrict itself to just cyber-enabled IP theft and has a holistic approach to acquiring IP that includes both human and cyber espionage. So how is the US addressing threats like insider risk and traditional person-based espionage in an AI IP context?

It'd be a real shame if the US AI advantage is stolen by people rather than by packets.

Rich Pickings at the Network Edge

A Mandiant report released this week found that 62% of exploited-in-the-wild vulnerabilities are 0days and the remaining 38% are exploited after public disclosure. It also found that the percentage of vulnerabilities attributable to Microsoft, Apple and Google has declined to less than half the total.

Mandiant observes a consistent decrease in what it calls the "time-to-exploit" (TTE), the "time taken to exploit them either prior to or after public disclosure". However, we have a problem with this metric as described in the report, as it combines 0days, which by definition should have a negative TTE (?), with n-days, which have a positive TTE.

The report says that average TTE has declined over the last several years but then also notes that "n-day exploitation timelines may have grown slightly". Wut.

There may be a reason to combine 0days and n-days in this way, but we are not seeing it.

Moving beyond this gripe, the report identifies a consistent trend in the percentage of vulnerabilities found in the top three vendors (Microsoft, Apple and Google) declining over time. Over the last few years less than half the vulnerabilities discovered originate from the three organisations.

The flipside of this is the targeted exploitation of internet-facing enterprise products that often have broad visibility into a network and/or administrative privileges. These include VPN devices, firewalls, and other products from vendors such as Fortinet, Citrix, PulseSecure, Cisco and others.

The sterling example of this (if sterling was horrible) is the Cl0p ransomware gang’s sustained targeting of enterprise file transfer systems. Since 2020 it has launched sequential campaigns against Accellion's File Transfer Appliance, Fortra's GoAnywhere Managed File Transfer product and Progress Software's MOVEit file transfer software. Just this week we saw exploitation kick off against another Progress Software product, WS_FTP. (Risky Business News has more coverage).

In terms of victims affected, Cl0p's MOVEit campaign is perhaps the largest of all time. Cybersecurity firm EMSISOFT has found that 2,309 organisations and 62 million individuals have been affected by the campaign. It's also been lucrative for Cl0p. Ransomware incident response firm Coveware estimates that the gang may earn from USD75m to 100m from the MOVEit campaign alone.

Cl0p has shown that there is gold in exploiting enterprise software, so we expect that threat actors will continue to focus on enterprise network edge devices.

Three Reasons to Be Cheerful this Week:

  1. SEC rule changes encourage cyber security strengthening: A poll of publicly traded companies has found that nearly two-thirds of them are strengthening their cyber security programs in the wake of changes to SEC disclosure rules.
  2. Strengthened anti-spam email protections: Google has announced it will tighten its requirements for "bulk senders" of email, including requiring them to use SPF/DKIM and DMARC email authentication protocols and enable recipients to unsubscribe with a single click.
  3. Pig butchering ring busted: Thai police, with help from the US Department of Homeland Security and cryptocurrency exchange Binance, have disrupted a 'pig butchering' criminal group. The Thai police's Cyber Crime Investigation Bureau seized assets worth USD$277m, including luxury cars and real estate. Over 3,200 victims have come forward seeking compensation.

In this sponsored podcast Proofpoint’s Selena Larson talks with Tom Uren about recent changes in the e-crime ecosystem.


Counting the Cost of Microsoft's Storm-0558 Hack

Reuters reports that the hack of Microsoft's email services resulted in the theft of 60,000 emails from 10 State Department accounts by a Chinese state-linked threat actor known as Storm-0558. Around 25 organisations were affected but it hasn't been reported what the group took from the other victims.

AWS Talks Honeypots

Amazon Web Services has published a piece describing its "MadPot" honeypot system and it contains some interesting nuggets. When a new MadPot sensor is created it is typically discovered by internet scanning probes within 90 seconds. On average, it only takes three minutes after discovery before attempts are made to penetrate and exploit it, even though, in the words of the post, "these workloads aren’t advertised or part of other visible systems that would be obvious to threat actors".

The post also describes how MadPot was used to identify activity by Volt Typhoon, a state-sponsored China-based actor that has targeted critical infrastructure. Even though the group used relatively stealthy 'living off the land' techniques, the MadPot system had captured data on a Volt Typhoon payload containing a unique signature. MadPot historical data was queried with this signature to identify other IP addresses that Volt Typhoon had used and correlate activity that would otherwise appear to be unrelated.

From Timbuktu to Tokyo

US and Japanese authorities have warned that China-linked cyber actors are compromising international subsidiaries of US and Japanese companies as beachheads to target the companies’ headquarters.

The threat actors gain administrative access to Cisco routers at the subsidiary firms and then install custom malicious firmware.

Risky Biz Talks

You can find the audio edition of this newsletter and other fine podcasts and interviews in the Risky Biz News feed (RSS, iTunes or Spotify).

In our last "Between Two Nerds" discussion Tom Uren and The Grugq look at whether offensive cyber operations against ransomware groups have succeeded or failed.

From Risky Biz News:

Ransomware gangs hit TeamCity and WS_FTP servers: Ransomware groups are exploiting recently disclosed vulnerabilities in TeamCity and WS_FTP servers to breach corporate networks and ransom organisations.

The attacks are exploiting CVE-2023-42793 and CVE-2023-40044.

The first is an authentication bypass and RCE vulnerability that can allow threat actors to take full control of JetBrains TeamCity CI/CD servers. Once on the development pipeline, threat actors can pivot to other resources on a company's internal or cloud network, from where ransomware gangs can do extensive damage.

The second is a remote code execution in WS_FTP, a file-transfer application developed by Progress Software—the same company that also made the MOVEit file-sharing server, heavily exploited by the Clop gang earlier this year in hacks that impacted more than 2,000 organisations. This bug is particularly nasty because it can be exploited with one HTTPS POST request.

[more on Risky Business News]

Disclosure snafu delays critical Exim patch more than a year: A critical vulnerability impacting more than 3.5 million Exim email servers has remained unpatched for more than 15 months in one of the most egregious instances of vulnerability disclosure snafus in recent history.

Tracked as CVE-2023-42115, the vulnerability is a no-authentication remote code execution with a severity rating of 9.8/10.

[more on Risky Business News, including an explanation of how it is hard to blame any of the parties involved even though it is still a huge cluster]

Chinese APT hacks subsidiaries, pivots to corporate headquarters: Cybersecurity agencies from Japan and the US have issued a joint security  advisory about a Chinese APT group that is hacking the overseas subsidiaries of US and Japanese companies and then pivoting to their corporate headquarters.

Known as BlackTech (Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), the group targets internet-facing routers as their entry point into victim networks.

To maintain access, the group hot-patches the router firmware with a modified version that bypasses security features and contains a built-in SSH backdoor to maintain future access.

[more on Risky Business News]