Academics Develop Testing Benchmark for LLMs in Cyber Threat Intelligence

Researchers from the Rochester Institute of Technology introduced a benchmark designed to assess large language models’ performance in cyber threat intelligence applications

Using LLMs to Exploit Vulnerabilities

Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.”

Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems. However, these agents still perform poorly on real-world vulnerabilities that are unknown to the agent ahead of time (zero-day vulnerabilities).

In this work, we show that teams of LLM agents can exploit real-world, zero-day vulnerabilities. Prior agents struggle with exploring many different vulnerabilities and long-range planning when used alone. To resolve this, we introduce HPTSA, a system of agents with a planning agent that can launch subagents. The planning agent explores the system and determines which subagents to call, resolving long-term planning issues when trying different vulnerabilities. We construct a benchmark of 15 real-world vulnerabilities and show that our team of agents improve over prior work by up to 4.5×.

The LLMs aren’t finding new vulnerabilities. They’re exploiting zero-days—which means they are not trained on them—in new ways. So think about this sort of thing combined with another AI that finds new vulnerabilities in code.

These kinds of developments are important to follow, as they are part of the puzzle of a fully autonomous AI cyberattack agent. I talk about this sort of thing more here.

Beat the Heat and Cyber Threats This Summer

The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Summer is a time for relaxation, travel, and spending quality moments with family and friends. However, it is also peak season for cybercriminals who exploit the vulnerabilities that arise during this period. Cyberattacks surge during the summer holiday season as businesses and individuals let their guard down. Many companies operate with reduced staff as employees take time off, leaving fewer eyes on critical systems and security measures. Cybersecurity teams, often stretched thin, may not be able to respond as swiftly to threats.

Additionally, individuals on vacation might be more inclined to use unsecured networks, fall for enticing travel deals, or overlook phishing attempts amidst their holiday activities. The importance of staying vigilant and informed about common summer scams cannot be overstated. By understanding these threats and taking proactive steps to protect ourselves, we can enjoy our summer holidays without falling victim to these opportunistic attacks.

The Surge in Summer Cyberattacks

Summer sees a marked increase in cyberattacks, with statistics indicating a significant rise in incidents during this period. For instance, in June alone, cyberattacks globally surged by an alarming 60%. This increase can be attributed to several factors that make the summer season particularly attractive to cybercriminals.

One primary reason is the reduction in staff across businesses as employees take their vacations. This often results in Security Operations Centers (SOCs) operating with minimal personnel, reducing the ability to monitor and respond to threats effectively. Additionally, with key cybersecurity professionals out of the office, the remaining team may struggle to maintain the same level of protection.

Increased travel also plays an important role. Individuals on vacation are more likely to use unsecured networks, such as public Wi-Fi in airports, hotels, and cafes, which can expose them to cyber threats. Moreover, the general relaxation mindset that accompanies holiday activities often leads to a decrease in caution, making individuals more susceptible to scams and phishing attacks.

The impact of this surge in cyberattacks is significant for both individuals and businesses. For individuals, it can mean the loss of personal information and financial assets. For businesses, these attacks can lead to data breaches, financial losses, and reputational damage. Therefore, it is crucial to remain vigilant and take preventive measures during the summer season to mitigate these risks.

How to Recognize and Avoid Seasonal Cyber Threats

As summer rolls around, cybercriminals ramp up their efforts to exploit the relaxed and often less vigilant attitudes of individuals and businesses. Here are some of the most prevalent scams to watch out for during the summer season.

Fake Travel Deals

One of the most common summer scams involves fake travel deals. Cybercriminals create enticing offers for vacation packages, flights, and accommodations that seem too good to be true. These offers are often promoted through fake websites, social media ads, and phishing emails. Once victims enter their personal and financial information to book these deals, they quickly realize that the offers were fraudulent, and their information is compromised, leading to issues such as identity theft. It’s crucial to take steps to protect yourself from identity theft in advance using reliable identity theft protection services.

For instance, a traveler might find a heavily discounted deal for a trip to Europe through an ad on social media. After making the payment, they receive fake confirmation details. Upon arrival at the destination, they discover there is no booking in their name, and their money is lost. To avoid falling for fake travel deals, always book through reputable travel agencies and websites. Verify the legitimacy of the travel company by checking reviews and ratings, and be wary of deals that require immediate payment through unconventional methods like wire transfers or gift cards.

Rental Scams

Fraudulent vacation rentals are another prevalent summer scam. Scammers post attractive rental listings on legitimate websites, offering properties at below-market rates. They often use photos from real estate websites to make the listings look genuine. Victims are asked to pay a deposit or the full amount upfront, only to find out later that the property doesn’t exist or is not available for rent.

To verify legitimate listings, contact the property owner directly through the rental platform’s messaging system. Research the property and cross-check photos and descriptions on multiple websites. Avoid listings that require immediate payment through wire transfers or gift cards, and read reviews to ensure the legitimacy of the rental site.

Phishing Attacks

Phishing attacks also see a significant rise during the summer. Cybercriminals send emails and text messages (smishing) that appear to come from reputable sources, containing links to malicious websites or attachments that can install malware on the recipient’s device. Summer-themed phishing emails might include fake flight confirmations, vacation rental updates, or special holiday offers.

For example, you might receive an email claiming to be from a popular airline with a subject line like “Confirm Your Summer Vacation Flight Booking” that redirects to a fake website. Or you might get a text message offering a “Limited Time Deal on Beach Rentals” with a link to a fraudulent booking site. These messages can seem very convincing, especially when you are in the midst of planning a vacation.
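To show what a defender-side check for lures like these can look like (an added example written for this page, not code from the original article), the following Python triage routine extracts the links in a message and flags hosts that embed a brand name without being one of that brand's real sending hosts; the brand allowlist, the `.example` hostnames and the urgency keywords are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist (assumed, not real): brand keyword -> hostnames it actually sends from.
BRAND_HOSTS = {
    "exampleair": {"exampleair.example", "mail.exampleair.example"},
    "beachrentals": {"beachrentals.example"},
}
URGENCY_CUES = ("confirm", "limited time", "act now", "expires", "suspended")
URL_RE = re.compile(r"https?://[^\s<>]+")


def check_link(url):
    """Reasons a link looks like a lookalike: a brand name inside a host the brand does not own."""
    host = (urlparse(url).hostname or "").lower()
    reasons = []
    for brand, hosts in BRAND_HOSTS.items():
        # Strip hyphens so "exampleair-confirm.example" still matches the brand keyword.
        if brand in host.replace("-", "") and host not in hosts:
            reasons.append(f"host {host} imitates {brand}")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append(f"raw IP address {host} as link host")
    return reasons


def triage_message(subject, body):
    """Flag a message when any link is suspicious; urgency cues alone only add context."""
    text = (subject + " " + body).lower()
    cues = [c for c in URGENCY_CUES if c in text]
    link_reasons = [r for url in URL_RE.findall(body) for r in check_link(url)]
    reasons = link_reasons + (["urgency cues: " + ", ".join(cues)] if cues else [])
    return {"suspicious": bool(link_reasons), "reasons": reasons}


# Constructed lures modelled on the two examples in the text, plus one legitimate message.
AIRLINE_SMS = ("Confirm Your Summer Vacation Flight Booking",
               "Your booking expires today. Confirm at https://exampleair-confirm.example/login")
RENTAL_SMS = ("Limited Time Deal on Beach Rentals",
              "Book now: http://198.51.100.7/beachrentals")
LEGIT_MAIL = ("Your ExampleAir itinerary",
              "View your trip at https://mail.exampleair.example/trips/123")

if __name__ == "__main__":
    for subj, body in (AIRLINE_SMS, RENTAL_SMS, LEGIT_MAIL):
        print(subj, "->", triage_message(subj, body))
```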

The Role of Advanced Cybersecurity Solutions

Clearly, proactive measures are essential for safeguarding against summer cyber threats. However, it is not enough to rely on common practices such as avoiding public Wi-Fi or using basic antivirus software. To effectively protect both individuals and businesses during this vulnerable season, it is essential to implement advanced cybersecurity strategies that go beyond the basics. Here are some of the most effective solutions:

Automated Anomaly Detection

Modern cybersecurity platforms employ machine learning algorithms to detect unusual behavior within network traffic, user activities, and system operations. These sophisticated systems continuously monitor for deviations from established norms, allowing for the identification of potential threats without requiring constant human oversight. By catching anomalies early, automated detection systems can mitigate threats before they cause significant damage.

Behavioral Analytics

Behavioral analytics is a powerful tool that analyzes historical data to establish a baseline of normal activities for users, applications, and devices. This approach helps in identifying anomalies that may signal a security threat. By understanding typical behavior patterns, organizations can effectively respond to unexpected and even zero-day threats. Behavioral analytics allows security teams to focus on genuine threats rather than sifting through false positives.
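As an added illustration of the baseline-and-deviation idea behind both automated anomaly detection and behavioral analytics (example code written for this page, not a LevelBlue product or any vendor's implementation), the following Python builds per-user login baselines from constructed historical records and scores new events against them, so that only events above a threshold become alerts during a thinly staffed holiday period; the record format, user names and scoring weights are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed historical logins (assumed record format: "<ISO time> <user> <country> <outcome>").
HISTORY = [
    "2024-06-03T08:05:00 alice DE success",
    "2024-06-04T09:40:00 alice DE success",
    "2024-06-05T10:15:00 alice DE success",
    "2024-06-07T16:45:00 alice DE success",
    "2024-06-03T13:00:00 bob US success",
    "2024-06-05T15:30:00 bob US success",
    "2024-06-07T17:10:00 bob US success",
    "2024-06-07T17:12:00 bob US failure",  # failures never shape the baseline
]

# Constructed events arriving during the holiday period with a thinly staffed SOC.
NEW_EVENTS = [
    "2024-06-10T09:30:00 alice DE success",  # ordinary Monday login
    "2024-06-10T03:15:00 alice RU success",  # new country, outside usual hours
    "2024-06-09T14:00:00 bob US success",    # Sunday login, otherwise normal
    "2024-06-10T12:00:00 carol BR success",  # account with no history at all
]


def parse(line):
    ts, user, country, outcome = line.split()
    return {"time": datetime.fromisoformat(ts), "user": user,
            "country": country, "outcome": outcome}


def build_baseline(lines):
    """Per-user profile: countries seen, hour window, and whether weekend logins are normal."""
    seen = defaultdict(lambda: {"countries": set(), "hours": [], "weekend": False})
    for ev in map(parse, lines):
        if ev["outcome"] != "success":
            continue
        p = seen[ev["user"]]
        p["countries"].add(ev["country"])
        p["hours"].append(ev["time"].hour)
        p["weekend"] |= ev["time"].weekday() >= 5
    return {u: {"countries": p["countries"], "hour_min": min(p["hours"]),
                "hour_max": max(p["hours"]), "weekend": p["weekend"]}
            for u, p in seen.items()}


def score_event(ev, baseline):
    """Return (score, reasons); every deviation from the user's baseline adds one point."""
    p = baseline.get(ev["user"])
    if p is None:
        return 3, ["no baseline for user"]  # unknown accounts always deserve a look
    reasons = []
    if ev["country"] not in p["countries"]:
        reasons.append("new country " + ev["country"])
    if not p["hour_min"] <= ev["time"].hour <= p["hour_max"]:
        reasons.append("outside usual hours")
    if ev["time"].weekday() >= 5 and not p["weekend"]:
        reasons.append("weekend login")
    return len(reasons), reasons


def detect(lines, baseline, threshold=2):
    """Real-time alert list: (user, score, reasons) for events scoring at or above threshold."""
    alerts = []
    for ev in map(parse, lines):
        score, reasons = score_event(ev, baseline)
        if score >= threshold:
            alerts.append((ev["user"], score, reasons))
    return alerts
```

Running `detect(NEW_EVENTS, build_baseline(HISTORY))` alerts on alice's off-hours login from a new country and on the unknown account, while bob's lone weekend login scores below the threshold and is left for routine review.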

Real-Time Alerts

Advanced cybersecurity solutions offer real-time alerts that notify security teams immediately when potential threats are detected. These instant notifications ensure that teams can respond quickly, even during off-hours or periods of reduced staffing, such as holidays. Real-time visibility into applications and network activities is crucial for maintaining a strong security posture and preventing minor incidents from escalating into major breaches.

Policy Enforcement

Automated policy enforcement across all connected systems and devices helps prevent unauthorized access and contain potential breaches. Ensuring that security policies are consistently applied minimizes the risk of human error and protects digital assets more effectively. Automated enforcement reduces the need for manual intervention, allowing security teams to focus on more strategic tasks.

Integrated Incident Response

Security tools that integrate with existing systems can automate response actions based on detected threats. This integration includes isolating affected systems, blocking malicious communications, and initiating recovery processes. An integrated incident response ensures a coordinated and efficient reaction to cyber threats, minimizing the impact on the organization. By automating these processes, companies can maintain robust defenses even with limited staffing during the summer months.

Comprehensive Dashboard

A single, centralized dashboard providing a consolidated view of security alerts, system status, and overall network health simplifies security management. This comprehensive overview enables security teams to monitor and respond to threats more efficiently, even with a reduced workforce. Having all critical information in one place helps streamline decision-making and enhances the effectiveness of the security operations center.

Threat Intelligence

Utilizing advanced threat intelligence platforms can provide organizations with up-to-date information about emerging threats and attack vectors. By staying informed about the latest cyber threats, businesses can proactively adjust their defenses and prevent attacks before they occur. It’s important to have reliable and secure business software, such as call center software, to support critical functions.

Conclusion

To close this article the way it opened: summer is a time to relax, and there is nothing wrong with that. However, this season also opens the door to increased cyber threats. Understanding and recognizing common summer scams are essential steps in protecting both personal and business assets. While basic precautions are necessary, implementing advanced cybersecurity solutions such as automated anomaly detection, behavioral analytics, and integrated incident response can significantly enhance your defense mechanisms.

Continuous education and awareness are equally important, ensuring that employees remain alert and informed. By adopting proactive and advanced strategies, individuals and businesses can enjoy a safer, more secure summer season. Staying one step ahead of cybercriminals requires a comprehensive approach to security that addresses both the simplest and most sophisticated threats, ensuring peace of mind as you enjoy your summer activities.

Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6

Posted by Andrey Stoykov on Jun 15

# Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6
# Date: 6/2024
# Exploit Author: Andrey Stoykov
# Version: 1.9.0.6
# Tested on: Ubuntu 22.04
# Blog: https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html

Description

– It was found that the application suffers from a business logic flaw

– Additionally the application is vulnerable to username…

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.

The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy.

A still frame from a video released by the Spanish national police shows Tylerb in custody at the airport.

“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. “According to Palma police, at one point he controlled Bitcoins worth $27 million.”

The cybercrime-focused Twitter/X account vx-underground said the U.K. man arrested was a SIM-swapper who went by the alias “Tyler.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS.

“He is a known SIM-swapper and is allegedly involved with the infamous Scattered Spider group,” vx-underground wrote on June 15, referring to a prolific gang implicated in costly data ransom attacks at MGM and Caesars casinos in Las Vegas last year.

Sources familiar with the investigation told KrebsOnSecurity the accused is a 22-year-old from Dundee, Scotland named Tyler Buchanan, also allegedly known as “tylerb” on Telegram chat channels centered around SIM-swapping.

In January 2024, U.S. authorities arrested another alleged Scattered Spider member — 19-year-old Noah Michael Urban of Palm Coast, Fla. — and charged him with stealing at least $800,000 from five victims between August 2022 and March 2023. Urban allegedly went by the nicknames “Sosa” and “King Bob,” and is believed to be part of the same crew that hacked Twilio and a slew of other companies in 2022.

Investigators say Scattered Spider members are part of a more diffuse cybercriminal community online known as “The Com,” wherein hackers from different cliques boast loudly about high-profile cyber thefts that almost invariably begin with social engineering — tricking people over the phone, email or SMS into giving away credentials that allow remote access to corporate internal networks.

One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.

0KTAPUS

In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. The security firm Group-IB dubbed the gang by a different name — 0ktapus, a nod to how the criminal group phished employees for credentials.

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication.

These phishing attacks used newly-registered domains that often included the name of the targeted company, and sent text messages urging employees to click on links to these domains to view information about a pending change in their work schedule. The phishing sites also featured a hidden Telegram instant message bot to forward any submitted credentials in real-time, allowing the attackers to use the phished username, password and one-time code to log in as that employee at the real employer website.

One of Scattered Spider’s first big victims in its 2022 SMS phishing spree was Twilio, a company that provides services for making and receiving text messages and phone calls. The group then pivoted, using their access to Twilio to attack at least 163 of its customers.

A Scattered Spider phishing lure sent to Twilio employees.

Among those was the encrypted messaging app Signal, which said the breach could have let attackers re-register the phone number on another device for about 1,900 users.

Also in August 2022, several employees at email delivery firm Mailchimp provided their remote access credentials to this phishing group. According to Mailchimp, the attackers used their access to Mailchimp employee accounts to steal data from 214 customers involved in cryptocurrency and finance.

On August 25, 2022, the password manager service LastPass disclosed a breach in which attackers stole some source code and proprietary LastPass technical information, and weeks later LastPass said an investigation revealed no customer data or password vaults were accessed.

However, on November 30, 2022 LastPass disclosed a far more serious breach that the company said leveraged data stolen in the August breach. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information.

In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against an engineer who was one of only four LastPass employees with access to the corporate vault. In that incident, the attackers exploited a security vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials. The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software.

Plex announced its own data breach one day before LastPass disclosed its initial August intrusion. On August 24, 2022, Plex’s security team urged users to reset their passwords, saying an intruder had accessed customer emails, usernames and encrypted passwords.

TURF WARS

Sosa and Tylerb were both subjected to physical attacks from rival SIM-swapping gangs. These communities have been known to settle scores by turning to so-called “violence-as-a-service” offerings on cybercrime channels, wherein people can be hired to perform a variety of geographically specific “in real life” jobs, such as bricking windows, slashing car tires, or even home invasions.

In 2022, a video surfaced on a popular cybercrime channel purporting to show attackers hurling a brick through a window at an address that matches the spacious and upscale home of Urban’s parents in Sanford, Fl.

January’s story on Sosa noted that a junior member of his crew named “Foreshadow” was kidnapped, beaten and held for ransom in September 2022. Foreshadow’s captors held guns to his bloodied head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life (Foreshadow escaped further harm in that incident).

According to several SIM-swapping channels on Telegram that Tylerb was known to frequent, rival SIM-swappers hired thugs to invade his home in February 2023. Those accounts state that the intruders assaulted Tylerb’s mother in the home invasion, and that they threatened to burn him with a blowtorch if he didn’t give up the keys to his cryptocurrency wallets. Tylerb was reputed to have fled the United Kingdom after that assault.

KrebsOnSecurity sought comment from Mr. Buchanan, and will update this story in the event he responds.
