Daily Brief

2024-02-28 23:48:09 theregister MISCELLANEOUS Researchers Develop Faster Way to Compromise Language Models
University of Maryland computer scientists create BEAST, a method for quickly generating harmful prompts that exploit large language models (LLMs). BEAST (BEAm Search-based adversarial aTtack) achieves a 65x speedup over traditional gradient-based attacks, taking as little as one minute of GPU time. The technique has an 89% success rate in generating prompts that "jailbreak" LLMs, significantly higher than the 46% achieved by the best baseline method. BEAST operates by using token probability scores and beam search algorithms to derive prompts that elicit problematic responses from LLMs such as Vicuna-7B. Adversarial prompts developed can potentially be used for social engineering attacks since BEAST allows for tunable parameters that can make the prompts more readable. The developed approach can also induce "hallucinations" or untruthful responses from models and enable membership inference attacks, raising privacy concerns. While the method is potent, the researchers note that thorough safety training of AI models can mitigate such attacks, demonstrating the need for provable safety guarantees.
2024-02-28 23:12:11 theregister CYBERCRIME University Develops Rapid AI Model Attack Technique "BEAST"
University of Maryland researchers have created BEAST, a method for breaching the safety protocols of large language models (LLMs) with adversarial prompts. BEAST stands for BEAm Search-based adversarial aTtack, and is significantly faster than previous methods, enabling attacks within 60 seconds using an Nvidia RTX A6000 GPU. The adversarial prompts generated by BEAST have an 89% success rate in "jailbreaking" models, surpassing the 46% rate of current baseline methods. The method works by exploiting the token probability scores from the model's final network layer, allowing it to potentially attack public commercial models like GPT-4. In addition to eliciting harmful responses, BEAST can also create prompts that result in inaccurate model outputs or compromise privacy by performing membership inference attacks. Safety training of AI models can mitigate the risks posed by BEAST; the LLaMA-2 model's resistance to attacks serves as a testament to effective alignment training. The researchers emphasize the importance of developing provable safety guarantees for the responsible future deployment of powerful AI models.
2024-02-28 23:06:46 bleepingcomputer CYBERCRIME Global Alert for Anycubic 3D Printers Due to Security Vulnerability
Anycubic 3D printers were hacked globally to alert users to a security vulnerability. Hackers left a message via a gcode file on affected printers, stating the printers had a critical security bug allowing remote control via the company's MQTT service API. The hacker's message suggested Anycubic should open-source their software, criticized the security of the MQTT server, and claimed that over 2.9 million devices received the warning. Users were advised to disconnect their printers from the Internet until Anycubic addresses the vulnerability. Customers have reported a forum post by an anonymous party detailing two critical vulnerabilities, after allegedly trying to reach Anycubic for two months without success. Anycubic is gathering data from affected users to assess the issue; meanwhile, the Anycubic app experienced network-related disruptions. Anycubic, with over 1000 employees, is a major 3D printer brand and has reportedly sold more than 3 million printers worldwide. An official statement on the incident is pending.
2024-02-28 22:15:44 bleepingcomputer MALWARE AI ML Models on Hugging Face Hide Malicious Backdoors
Over a hundred AI machine learning models on the Hugging Face platform were discovered to contain malicious code, enabling backdoor access to users' systems. Hugging Face, known for AI, NLP, and ML collaboration, faces significant security risks despite robust scanning measures for malware and unsafe behaviors. JFrog's security team deployed an advanced scanning system, revealing malicious functionalities in models for PyTorch and Tensorflow on Hugging Face, excluding false positives. A recently removed PyTorch model was found to establish a reverse shell to an external host, demonstrating the potential for data breaches and espionage. Malicious code was hidden in the model files using Python's "pickle" serialization method, circumventing typical detection mechanisms. The intentions behind these uploads may vary, with possibilities including AI researchers' experimentation and attempts to bypass security for bug bounties. JFrog's report emphasizes the need for increased vigilance and proactive defenses within the AI ML ecosystem against such hidden threats.
2024-02-28 20:54:10 bleepingcomputer NATION STATE ACTIVITY U.S. Issues Executive Order to Prevent Data Sales to Adversarial Nations
President Joe Biden has signed an executive order to prevent the bulk sale of private data of U.S. citizens to countries like China, Russia, Iran, North Korea, Cuba, and Venezuela. The order empowers the Justice Department to obstruct transactions that threaten national security by exposing Americans' sensitive personal data to adversaries. New regulations will be established to limit or prohibit data transactions that pose a national security risk, particularly focusing on genomic, biometric, personal health, geolocation, and financial data. The order also targets commercial data brokers to prevent them from selling personal information that can be used for surveillance, scams, and blackmail by "countries of concern." The sale of sensitive personal data is considered a privacy and security risk for U.S. citizens, especially those associated with the military or national security sectors. The Federal Trade Commission recently banned two data brokers from selling precise location data to protect individuals from being tracked and to maintain the privacy of sensitive information such as religious and medical details.
2024-02-28 20:38:38 bleepingcomputer CYBERCRIME Ransomware Attack Demands $3.6 Million from Chicago Children's Hospital
The Rhysida ransomware gang claims to have executed a cyberattack on Lurie Children's Hospital in Chicago, demanding a $3.6 million ransom. As a result of the cyberattack, Lurie Children's Hospital's IT systems were taken offline, disrupting various medical services and patient care. Sensitive data including ultrasound and CT scan results were compromised, resulting in the healthcare provider resorting to manual record-keeping methods. Rhysida has threatened to sell the purportedly stolen 600 GB of data for 60 BTC unless their single-buyer ransom is met within a seven-day deadline. The attack continues to cause service delays at the hospital, with MyChart still unavailable and prescription processing being performed manually. The hospital has made accommodations such as extending billing timeframes and waiving no-show fees due to the affected payment systems. A potential vulnerability in the Rhysida ransomware was recently published, which may provide a method to decrypt files without paying, but its efficacy on the most recent attacks is unclear.
2024-02-28 19:52:08 bleepingcomputer MISCELLANEOUS Kali Linux 2024.1 Debuts New Tools and Enhanced Interface
Kali Linux 2024.1, designed for cybersecurity professionals, includes a refreshed theme and desktop changes. The first 2024 version adds four new tools for penetration testing and security audits. Visual updates feature new wallpapers, boot menu, and login display improvements. Desktop enhancements include copying VPN IP addresses with Xclip on Xfce and replacing the image viewer with Loupe on Gnome. The kernel has been upgraded to version 6.6, ensuring up-to-date hardware support and security. Users can upgrade existing installations or download new ISO images to access the latest version of Kali Linux. For those on Windows Subsystem for Linux, an upgrade to WSL2 is recommended for an optimal experience.
2024-02-28 19:36:37 bleepingcomputer CYBERCRIME BlackCat Ransomware Hits UnitedHealth Group Subsidiary, Compromises Data
The BlackCat/ALPHV ransomware gang has attacked Optum, a subsidiary of UnitedHealth Group, responsible for managing the Change Healthcare platform. Change Healthcare, a critical payment exchange used by over 70,000 pharmacies, reportedly suffered an outage due to this cyberattack. BlackCat claims to have stolen 6TB of data, including sensitive information from healthcare providers, insurance companies, and pharmacies. Stolen data may include source code for Change Healthcare solutions and personal data from entities such as Tricare, Medicare, CVS Caremark, and MetLife. The attack affected services, but Optum officials stated that most pharmacies have transitioned to alternative electronic claim procedures. Federal agencies including the FBI, CISA, and HHS have issued warnings about BlackCat's focus on the U.S. healthcare sector, with the group being tied to numerous attacks since late 2021. The U.S. State Department is offering a reward of up to $15 million for information leading to the identification or location of the leaders behind BlackCat ransomware attacks.
2024-02-28 18:35:18 bleepingcomputer CYBERCRIME LockBit Ransomware Resurfaces Post-Law Enforcement Disruption
The LockBit ransomware group has resumed attacks using newly updated encryptors and establishing fresh servers for operations. Law enforcement agencies including the NCA, FBI, and Europol had disrupted the LockBit operation through 'Operation Cronos', which resulted in infrastructure seizure and decryption tool recovery. In response to the takedown, LockBit has vowed to enhance security against law enforcement intrusions and has already set up a new data leak website with a defiant message to the FBI. Researchers at Zscaler have identified updated ransom notes in the wild, pointing to the gang's new Tor-based infrastructure. BleepingComputer confirmed that the negotiation servers are operational again but are specific to recent victims of the ransomware's new encryptors. Despite the recent takedown, LockBit, which previously had around 180 affiliates, is making efforts to recruit experienced penetration testers to strengthen its ranks and escalate future attacks. The long-term strategy of LockBit remains unclear, with the possibility of rebranding, but currently, the group continues to pose a significant cyber threat.
2024-02-28 17:28:36 bleepingcomputer NATION STATE ACTIVITY North Korean Lazarus Group Exploits Windows Zero-Day Flaw
North Korean Lazarus Group hackers leveraged a zero-day vulnerability in the Windows AppLocker driver to achieve kernel-level access. The vulnerability, CVE-2024-21338, was noticed by Avast analysts and subsequently patched in the February 2024 Patch Tuesday updates. The updated version of the Lazarus rootkit, FudModule, showcases significant stealth improvements, capable of disabling security tools such as Microsoft Defender and CrowdStrike Falcon. The FudModule rootkit uses advanced techniques for evading detection and maintaining persistence on infected systems. Avast uncovered a previously undocumented remote access trojan (RAT) related to Lazarus, which will be further detailed at BlackHat Asia in April. This exploitation method signifies a major evolution in the capabilities of Lazarus, allowing for more covert attacks and prolonged presence on compromised systems. Security practitioners are urged to apply the latest patches to mitigate risks associated with the exploited Windows zero-day vulnerability.
2024-02-28 17:02:41 theregister MISCELLANEOUS Palo Alto Networks Sued for Allegedly Misleading Investors
Palo Alto Networks (PAN) is facing a class action lawsuit for purportedly deceiving investors regarding its platform strategy and AI products. Investors experienced a significant loss when PAN’s share price plummeted by 28% following a lowered billings forecast and a report on slow growth projections. The lawsuit highlights accusations of PAN making false or misleading statements about the effectiveness of their platformization initiatives and sustainable growth. Defendants named in the lawsuit include PAN, its CEO, CFO, and head of product management, with claims that the company lacked a reasonable basis for their positive statements. PAN had implemented a strategy focusing on platform consolidation which was supposedly validated by the average customer lifetime value metrics presented by its CEO during an earnings call. The lawsuit indicates that PAN's aggressive push towards platformization and the activation of AI leadership failed to secure expected US federal government deals, which contributed to the stock price drop. Plaintiffs assert that economic loss occurred due to the revelations and subsequent stock price fall, claiming material omissions and misrepresentations by PAN. Palo Alto Networks has been approached for comment on the lawsuit allegations.
2024-02-28 16:16:40 bleepingcomputer CYBERCRIME Epic Games Dismisses Claims of Breach by Mogilevich Group
Epic Games denies evidence of any cyberattack or data theft following claims by the Mogilevich extortion group. Despite the group's claim of server breach and selling stolen data for $15,000, no proof has been provided to Epic Games. The company began investigating after a dark web page ad suggested a breach, yet communication with the alleged hackers yielded no response. Mogilevich reportedly shared stolen data samples only with individuals who could prove they had the funds to purchase it. Security researchers are skeptical due to the absence of shared proof and suspect Mogilevich might be selling fake data, branding them potential scammers. The group also claims to operate a Ransomware-as-a-Service model, but no evidence of an actual ransomware encryptor linked to them has been identified.
2024-02-28 15:15:08 thehackernews NATION STATE ACTIVITY Iran-Linked Hackers Attack Aerospace and Defense in the Middle East
Iran-associated threat actor UNC1549 is targeting the aerospace, aviation, and defense sectors in the Middle East, notably in Israel and the U.A.E. This activity, which extends to countries like Turkey, India, and Albania, has been ongoing since at least June 2022. UNC1549 employs social engineering with job-related lures and two custom backdoors, MINIBIKE and MINIBUS, for espionage purposes. The group uses Microsoft Azure cloud infrastructure for command-and-control and deploys LIGHTRAIL tunneling software for communication. The intelligence gathered from these cyber espionage attacks serves strategic Iranian interests and may support both espionage and kinetic operations. Evasion techniques, including tailored employment-theme lures and cloud infrastructure, complicate prevention, detection, and mitigation efforts by network defenders. Other Iranian-related cyber activities include "faketivists" targeting critical infrastructure and data-wiping attacks against industrial control systems in Israel.
2024-02-28 15:09:41 bleepingcomputer NATION STATE ACTIVITY North Korean Group Lazarus Targets Developers Via Malicious PyPI Packages
Japan's JPCERT/CC issues an alert on North Korean hacker group Lazarus distributing malware through the PyPI package repository. Lazarus uploaded four malicious packages to PyPI designed to install 'Comebacker' malware on developers' systems. Malicious packages masquerade as part of the legitimate 'pycrypto' project, tricking developers into downloading them. As of the report, the packages have been removed from PyPI, but thousands of systems may already be compromised. The malware enables Lazarus to infiltrate networks for financial fraud and potentially instigate supply chain attacks. Investigations show continuity in North Korean cyber campaigns, with Lazarus previously exploiting npm packages in November 2023. Lazarus has a history of large-scale thefts, including stealing cryptocurrencies worth millions from various platforms.
2024-02-28 15:04:21 bleepingcomputer CYBERCRIME Lessons Learned from Prevailing Phishing Campaigns
Phishing remains the primary method cybercriminals use to gain initial access to networks, cited in 41% of cyber incidents. A recent campaign involved distributing DarkGate malware through malicious Microsoft Teams chat invites, affecting over 1,000 users. In a separate phishing scheme, attackers exploited open redirects on the Indeed website to hijack Microsoft 365 accounts belonging to high-level employees. Attendees of a NATO summit supporting Ukraine were targeted with a fake website imitating the Ukrainian World Congress, designed to disseminate malware. Organizations can combat phishing by educating employees, employing advanced email filtering, and implementing multi-factor authentication (MFA). Security automation technologies like Blink enhance phishing defenses by offering streamlined incident response and automated security workflows without the need for coding.