As if defenders of the software supply chain didn’t have enough attack vectors to worry about, they now have a new one: machine learning models.

ML models are at the heart of technologies such as facial recognition and chatbots. Like open-source software repositories, models are often downloaded and shared by developers and data scientists, so a compromised model can have effects on multiple organizations at once.

Researchers from machine learning security company HiddenLayer revealed in a blog post on Tuesday how an attacker could use a popular ML model to deploy ransomware.

The method described by the researchers is similar to how hackers use steganography to hide malicious payloads in images. In the case of ML models, the malicious code is hidden in the model’s data.

According to the researchers, the steganography process is quite general and can be implemented on most ML libraries. They added that the process need not be limited to embedding malicious code in models and can also be used to extract data from an organization.

[Image: machine learning model hijacking. Image courtesy of HiddenLayer]


Attacks can also be operating system agnostic. The researchers pointed out that OS and architecture-specific payloads can be embedded in the model, where they can be loaded dynamically at runtime depending on the platform.

Flying under the radar

Tom Bonner, senior director of adversarial threat research at Austin, Texas-based HiddenLayer, said that embedding malware in ML models provides some advantage to an adversary.

“It allows them to fly under the radar,” Bonner told TechNewsWorld. “This is not a technology that is detected by current antivirus or EDR software.”

“It also opens up new targets for them,” he said. “It’s a direct route into data scientist systems. It’s possible to dump machine learning models hosted on public repositories. Data scientists will pull it down and load it, then it’s patched.”

“These models are also downloaded to various machine-learning ops platforms, which can be very scary because they can have access to Amazon S3 buckets and steal training data,” he continued.

“Most of [the] machines running machine-learning models tend to have bigger, fatter GPUs, so bitcoin miners can be very effective on those systems as well,” he said.

HiddenLayer demonstrates how its hijacked pre-trained ResNet model executed a ransomware sample the moment it was loaded into memory by PyTorch on its test machine.
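Execution at load time is possible because PyTorch's default checkpoint format is built on Python's pickle serialization, which can call importable functions while a file is being loaded. As an added example (not HiddenLayer's code; the allowlist, the archive/data.pkl layout and both sample checkpoints are constructed assumptions), this Python scanner lists what a model file would import without ever loading it:

```python
import io, pickle, pickletools, platform, zipfile
from collections import OrderedDict
# Assumption: a tiny demo allowlist; a real one names only the framework's own helpers.
ALLOWED = {("collections", "OrderedDict")}
STR_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
           "STRING", "BINSTRING", "SHORT_BINSTRING"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}

def pickle_imports(data):
    """Return the (module, name) pairs a pickle would import, without loading it."""
    found, recent, memo, top = set(), [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "MEMOIZE":
            memo[len(memo)] = top            # remember the value just pushed
        elif op.name in PUT_OPS:
            memo[arg] = top
        else:
            if op.name in ("GLOBAL", "INST"):    # arg is "module name"
                found.add(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL":      # module and name sit on the stack
                pair = tuple(recent[-2:])        # unresolved names fail closed
                found.add(pair if len(pair) == 2 and None not in pair else ("?", "?"))
            top = (arg if op.name in STR_OPS
                   else memo.get(arg) if op.name in GET_OPS else None)
            if op.name in STR_OPS or op.name in GET_OPS:
                recent.append(top)
    return found

def scan_model(blob):
    """Imports outside ALLOWED, for a raw pickle or a zip checkpoint's *.pkl."""
    streams = [blob]
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return sorted(set().union(*map(pickle_imports, streams)) - ALLOWED)

class Extra:  # constructed stand-in: names a harmless callable, never loaded here
    def __reduce__(self):
        return (platform.node, ())

def make_checkpoint(state):  # constructed sample with the pickle at archive/data.pkl
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(state, protocol=4))
    return buf.getvalue()

CLEAN = make_checkpoint(OrderedDict(weight=[0.1, 0.2]))
TAMPERED = make_checkpoint(OrderedDict(weight=[0.1, 0.2], extra=Extra()))
if __name__ == "__main__": print(scan_model(CLEAN), scan_model(TAMPERED))
```

A non-empty result is a reason to quarantine the file before any framework opens it. An empty result only means the pickle stream names nothing outside the allowlist.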


First-mover advantage

Attackers often like to exploit unanticipated vulnerabilities in new technologies, said Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.

“Attackers looking for first-mover advantage in these frontiers can enjoy both less preparation and proactive protection by exploiting new technologies,” Clements told TechNewsWorld.

“This attack on machine-language models looks like it could be the next phase of the cat-and-mouse game between attackers and defenders,” he said.

Threat actors will take advantage of whatever vectors they can to carry out their attacks, explained Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation in Tel Aviv, Israel.

“It’s an unusual vector that can outperform some common tools if done carefully,” Parkin told TechNewsWorld.

Traditional anti-malware and endpoint detection and response solutions are designed to detect ransomware based on pattern-based behaviors, including virus signatures and monitoring key API, file, and registry requests on Windows for potential malicious activity, explained Morey Haber, chief security officer at BeyondTrust, a developer of privileged account management and vulnerability management solutions in Carlsbad, California.

“If machine learning is applied to the delivery of malware such as ransomware, traditional attack vectors and even detection methods can be changed to appear non-malicious,” Haber told TechNewsWorld.

Potential for extensive damage

Attacks on machine-learning models are on the rise, said Karen Crowley, director of product solutions at Deep Instinct, a deep-learning cybersecurity company in New York City.

“It’s not critical yet, but widespread damage is likely,” Crowley told TechNewsWorld.

“In the supply chain, if the data is poisoned so that when the model is trained, the system is also poisoned, then that model can make decisions that reduce rather than strengthen protection,” she explained.

“In the cases of Log4j and SolarWinds, we saw an impact not only on the organization that has the software, but all of its users in that chain,” she said. “Once ML is introduced, the damage can add up quickly.”

Casey Ellis, CTO and founder of Bugcrowd, which operates a crowdsourced bug bounty platform, said attacks on ML models could be part of a larger trend of attacks on software supply chains.

Ellis told TechNewsWorld, “Just as adversaries can attempt to compromise the supply chain of software applications to insert malicious code or vulnerabilities, they can also compromise the supply chain of machine learning models to insert malicious or biased data or algorithms.”

“This can have a significant impact on the reliability and integrity of AI systems and can be used to undermine trust in the technology,” he said.

Pablum for script kiddies

Threat actors may show increased interest in machine learning models because the models are more vulnerable than people thought.

“People have known this was possible for a while, but they didn’t realize how easy it was,” Bonner said. “It’s fairly trivial to put together an attack with a few simple scripts.”

He added, “Now that people have realized how easy it is, this script is in the realm of children.”

Clements agreed that the researchers have shown that it does not require hardcore ML/AI data science expertise to insert malicious commands into training data that can then be triggered by ML models at runtime.

However, he continued, more sophistication is required than run-of-the-mill ransomware attacks that rely primarily on simple credential stuffing or phishing to launch.

“Right now, I think the popularity of the specific attack vector is likely to subside for the foreseeable future,” he said.

“Exploiting this requires an attacker compromising the upstream ML model project used by downstream developers to download pre-trained ML models to the victim, with embedded malicious commands from an unauthenticated source,” he explained.

“In each of these scenarios,” he continued, “it appears that there would be much easier and more straightforward ways to compromise the target than simply inserting entangled exploits into the training data.”

A new report from a privileged access management (PAM) firm warns that IT security is getting worse as corporations become stuck deciding what to do and what it will cost.

Delinea, formerly Thycotic and Centrify, on Tuesday released research based on 2,100 security decision makers internationally, revealing that 84% of organizations have experienced an identity-related security breach in the past 18 months.

This revelation comes as enterprises are grappling with expanding entry points and more frequent and advanced attack methods from cybercriminals. It also highlights the gap between the perceived and actual effectiveness of security strategies. Despite the high percentage of accepted breaches, 40% of respondents believe they have the right strategy.

Several studies found that credentials are the most common attack vector. Delinea wanted to know what IT security leaders were doing to reduce the risk of attack. This study focused on learning about the adoption of privileged access management by organizations as a security strategy.

Key findings of the report include:

  • 60% of IT security decision-makers have been put off working on an IT security strategy due to multiple concerns;
  • Identity security is a priority for security teams, but 63% believe it is not understood by executive leaders;
  • 75% of organizations will fail to protect privileged identities because they will not receive the support they need.

ID security is a priority, but board buy-in is critical

Many executives voice corporate commitment but fall behind on actually taking action when it comes to IT efforts to provide better breach prevention.

Many organizations are hungry to make change, but three quarters (75%) of IT and security professionals believe that promises of change will fail to protect privileged identities due to a lack of corporate support, according to researchers.

The report noted that 90% of the respondents said that their organizations fully recognize the importance of identity security in enabling them to achieve their business goals. Nearly the same percentage (87%) said it was one of the most important security priorities for the next 12 months.

However, a lack of budget commitment and executive alignment resulted in a constant stall on improving IT security. Some 63% of respondents said that their company’s board still does not fully understand identity security and its role in enabling better business operations.

“While the importance of identity security is acknowledged by business leaders, most security teams will not receive the support and budget they need to provide critical security controls and resources to mitigate key risks,” said Joseph Carson, chief security scientist and advisory CISO at Delinea.

“This means that most organizations will be deprived of protecting privileges, leaving them vulnerable to cybercriminals searching for and abusing privileged accounts,” he said.

Lack of policies puts machine ID at great risk

Despite the good intentions of corporate leaders, companies have a long road ahead when it comes to protecting privileged identities and access. According to the report, less than half (44%) of organizations surveyed have implemented ongoing security policies and procedures for privileged access management.

These missing security protections include password rotation or approval, time-based or context-based security, and privileged behavior monitoring such as recording and auditing. Even more worrying, more than half (52%) of all respondents allow privileged users to access sensitive systems and data without the need for multifactor authentication (MFA).

Another alarming lapse has come to the fore in the research. Privileged identities include humans, such as domain and local administrators. It also includes non-humans, such as service accounts, application accounts, codes, and other types of machine identities that automatically connect to and share privileged information.

However, only 44% of organizations manage and secure machine identities. The majority leave them exposed and open to attack.

[Graph: Delinea benchmarking security gaps and privileged access. Source: Delinea Global Survey of Cyber Security Leaders]


Cybercriminals look for the weakest link, Carson noted. Ignoring ‘non-human’ identities – especially when these are growing at a faster rate than human users – greatly increases the risk of privilege-based identity attacks.

“When attackers target machine and application identities, they can easily eavesdrop,” he told TechNewsWorld.

They move around the network to determine the best place to strike and inflict the most damage. He advised that organizations need to ensure that machine identities are incorporated into their security strategies and follow best practices when it comes to protecting all of their IT ‘superuser’ accounts which, if compromised, could bring the entire business to a halt.

The security gap is widening

Perhaps the most important finding from this latest research is that the security gap continues to widen. Many organizations are on the right track to secure and reduce cyber risk for business. However, they face the challenge that large security gaps still exist for attackers to exploit. This includes securing privileged identities.

An attacker only needs to find a privileged account. When businesses still have many privileged identities left vulnerable, such as application and machine identities, attackers will continue to exploit and influence businesses’ operations in exchange for ransom payments.

The good news is that organizations realize the high priority of protecting privileged identities. The sad news is that many privileged identities are still exposed because it is simply not enough to secure a human privileged identity, Carson explained.

Not only is the security gap widening between business and attackers but also the security gap between IT leaders and business executives. While this is improving in some industries, the problem still exists.

“Until we address the challenge of communicating the importance of cyber security to the executive board and business, IT leaders will continue to struggle to obtain the resources and budget needed to close the security gap,” he warned.

Cloud whack-a-mole

One of the main challenges to securing identities is that, with mobility and the cloud environment, identities are everywhere. According to Carson, this increases the complexity of securing identity.

Businesses are still trying to secure them with the security technologies they already have in place today. But this results in many security gaps and limitations. He said some businesses fall short even when they try to address identity security with simple password managers.

“However, this still means relying on business users to make good security decisions. To secure identities, you must first have a good strategy and plan in place. This means knowing the types of privileged identities that exist in business. Understanding and using security technology that is designed to find and protect them,” he concluded.