Read Time:6 Second
The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations
Category Archives: News
Microsoft and US Government Disrupt Russian Star Blizzard Operations
Read Time:6 Second
Microsoft and the US government have collectively seized over 100 websites used by Russian nation-state actor Star Blizzard
CeranaKeeper Emerges as New Threat to Thai Government Networks
Read Time:4 Second
China-aligned CeranaKeeper discovered targeting Thai govt institutions using cloud services for data exfiltration
Tick tock.. Operation Cronos arrests more LockBit ransomware gang suspects
Read Time:7 Second
International law enforcement continues to dismantle the LockBit ransomware gang’s infrastructure.
Read more in my article on the Tripwire State of Security blog.
A Single Cloud Compromise Can Feed an Army of AI Sex Bots
Read Time:9 Minute, 32 Second
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.
Image: Shutterstock.
Researchers at security firm Permiso Security say attacks against generative artificial intelligence (AI) infrastructure like Bedrock from Amazon Web Services (AWS) have increased markedly over the last six months, particularly when someone in the organization accidentally exposes their cloud credentials or key online, such as in a code repository like GitHub.
Investigating the abuse of AWS accounts for several organizations, Permiso found attackers had seized on stolen AWS credentials to interact with the large language models (LLMs) available on Bedrock. But they also soon discovered none of these AWS users had enabled logging (it is off by default), and thus they lacked any visibility into what attackers were doing with that access.
So Permiso researchers decided to leak their own test AWS key on GitHub, while turning on logging so that they could see exactly what an attacker might ask for, and what the responses might be.
Within minutes, their bait key was scooped up and used to power a service that offers AI-powered sex chats online.
“After reviewing the prompts and responses it became clear that the attacker was hosting an AI roleplaying service that leverages common jailbreak techniques to get the models to accept and respond with content that would normally be blocked,” Permiso researchers wrote in a report released today.
“Almost all of the roleplaying was of a sexual nature, with some of the content straying into darker topics such as child sexual abuse,” they continued. “Over the course of two days we saw over 75,000 successful model invocations, almost all of a sexual nature.”
Ian Ahl, senior vice president of threat research at Permiso, said attackers in possession of a working cloud account traditionally have used that access for run-of-the-mill financial cybercrime, such as cryptocurrency mining or spam. But over the past six months, Ahl said, Bedrock has emerged as one of the top targeted cloud services.
“Bad guy hosts a chat service, and subscribers pay them money,” Ahl said of the business model for commandeering Bedrock access to power sex chat bots. “They don’t want to pay for all the prompting that their subscribers are doing, so instead they hijack someone else’s infrastructure.”
Ahl said much of the AI-powered chat conversations initiated by the users of their honeypot AWS key were harmless roleplaying of sexual behavior.
“But a percentage of it is also geared toward very illegal stuff, like child sexual assault fantasies and rapes being played out,” Ahl said. “And these are typically things the large language models won’t be able to talk about.”
AWS’s Bedrock uses large language models from Anthropic, which incorporates a number of technical restrictions aimed at placing certain ethical guardrails on the use of their LLMs. But attackers can evade or “jailbreak” their way out of these restricted settings, usually by asking the AI to imagine itself in an elaborate hypothetical situation under which its normal restrictions might be relaxed or discarded altogether.
“A typical jailbreak will pose a very specific scenario, like you’re a writer who’s doing research for a book, and everyone involved is a consenting adult, even though they often end up chatting about nonconsensual things,” Ahl said.
In June 2024, security experts at Sysdig documented a new attack that leveraged stolen cloud credentials to target ten cloud-hosted LLMs. The attackers Sysdig wrote about gathered cloud credentials through a known security vulnerability, but the researchers also found the attackers sold LLM access to other cybercriminals while sticking the cloud account owner with an astronomical bill.
“Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from Anthropic was targeted,” Sysdig researchers wrote. “If undiscovered, this type of attack could result in over $46,000 of LLM consumption costs per day for the victim.”
Ahl said it’s not certain who is responsible for operating and selling these sex chat services, but Permiso suspects the activity may be tied to a platform cheekily named “chub[.]ai,” which offers a broad selection of pre-made AI characters with whom users can strike up a conversation. Permiso said almost every character name from the prompts they captured in their honeypot could be found at Chub.
Some of the AI chat bot characters offered by Chub. Some of these characters include the tags “rape” and “incest.”
Chub offers free registration, via its website or a mobile app. But after a few minutes of chatting with their newfound AI friends, users are asked to purchase a subscription. The site’s homepage features a banner at the top that strongly suggests the service is reselling access to existing cloud accounts. It reads: “Banned from OpenAI? Get unmetered access to uncensored alternatives for as little as $5 a month.”
Until late last week Chub offered a wide selection of characters in a category called “NSFL” or Not Safe for Life, a term meant to describe content that is disturbing or nauseating to the point of being emotionally scarring.
Fortune profiled Chub AI in a January 2024 story that described the service as a virtual brothel advertised by illustrated girls in spaghetti strap dresses who promise a chat-based “world without feminism,” where “girls offer sexual services.” From that piece:
Chub AI offers more than 500 such scenarios, and a growing number of other sites are enabling similar AI-powered child pornographic role-play. They are part of a broader uncensored AI economy that, according to Fortune’s interviews with 18 AI developers and founders, was spurred first by OpenAI and then accelerated by Meta’s release of its open-source Llama tool.
Fortune says Chub is run by someone using the handle “Lore,” who said they launched the service to help others evade content restrictions on AI platforms. Chub charges fees starting at $5 a month to use the new chatbots, and the founder told Fortune the site had generated more than $1 million in annualized revenue.
KrebsOnSecurity sought comment about Permiso’s research from AWS, which initially seemed to downplay the seriousness of the researchers’ findings. The company noted that AWS employs automated systems that will alert customers if their credentials or keys are found exposed online.
AWS explained that when a key or credential pair is flagged as exposed, it is then restricted to limit the amount of abuse that attackers can potentially commit with that access. For example, flagged credentials can’t be used to create or modify authorized accounts, or spin up new cloud resources.
Ahl said Permiso did indeed receive multiple alerts from AWS about their exposed key, including one that warned their account may have been used by an unauthorized party. But they said the restrictions AWS placed on the exposed key did nothing to stop the attackers from using it to abuse Bedrock services.
Sometime in the past few days, however, AWS responded by including Bedrock in the list of services that will be quarantined in the event an AWS key or credential pair is found compromised or exposed online. AWS confirmed that Bedrock was a new addition to its quarantine procedures.
Additionally, not long after KrebsOnSecurity began reporting this story, Chub’s website removed its NSFL section. It also appears to have removed cached copies of the site from the Wayback Machine at archive.org. Still, Permiso found that Chub’s user stats page shows the site has more than 3,000 AI conversation bots with the NSFL tag, and that 2,113 accounts were following the NSFL tag.
The user stats page at Chub shows more than 2,113 people have subscribed to its AI conversation bots with the “Not Safe for Life” designation.
Permiso said their entire two-day experiment generated a $3,500 bill from AWS. Some of that cost was tied to the 75,000 LLM invocations caused by the sex chat service that hijacked their key. But they said the remaining cost was a result of turning on LLM prompt logging, which is not on by default and can get expensive very quickly.
Which may explain why none of Permiso’s clients had that type of logging enabled. Paradoxically, Permiso found that while enabling these logs is the only way to know for sure how crooks might be using a stolen key, the cybercriminals who are reselling stolen or exposed AWS credentials for sex chats have started including programmatic checks in their code to ensure they aren’t using AWS keys that have prompt logging enabled.
“Enabling logging is actually a deterrent to these attackers because they are immediately checking to see if you have logging on,” Ahl said. “At least some of these guys will totally ignore those accounts, because they don’t want anyone to see what they’re doing.”
In a statement shared with KrebsOnSecurity, AWS said its services are operating securely, as designed, and that no customer action is needed. Here is their statement:
“AWS services are operating securely, as designed, and no customer action is needed. The researchers devised a testing scenario that deliberately disregarded security best practices to test what may happen in a very specific scenario. No customers were put at risk. To carry out this research, security researchers ignored fundamental security best practices and publicly shared an access key on the internet to observe what would happen.”
“AWS, nonetheless, quickly and automatically identified the exposure and notified the researchers, who opted not to take action. We then identified suspected compromised activity and took additional action to further restrict the account, which stopped this abuse. We recommend customers follow security best practices, such as protecting their access keys and avoiding the use of long-term keys to the extent possible. We thank Permiso Security for engaging AWS Security.”
AWS said customers can configure model invocation logging to collect Bedrock invocation logs, model input data, and model output data for all invocations in the AWS account used in Amazon Bedrock. Customers can also use CloudTrail to monitor Amazon Bedrock API calls.
The company said AWS customers also can use services such as GuardDuty to detect potential security concerns and Billing Alarms to provide notifications of abnormal billing activity. Finally, AWS Cost Explorer is intended to give customers a way to visualize and manage Bedrock costs and usage over time.
Anthropic told KrebsOnSecurity it is always working on novel techniques to make its models more resistant to the kind of jailbreaks.
“We remain committed to implementing strict policies and advanced techniques to protect users, as well as publishing our own research so that other AI developers can learn from it,” Anthropic said in an emailed statement. “We appreciate the research community’s efforts in highlighting potential vulnerabilities.”
Anthropic said it uses feedback from child safety experts at Thorn around signals often seen in child grooming to update its classifiers, enhance its usage policies, fine tune its models, and incorporate those signals into testing of future models.
Cybersecurity Spending on the Rise, But Security Leaders Still Feel Vulnerable
Read Time:8 Second
A new report by Red Canary has found that while cybersecurity budgets have risen, many security leaders still feel overwhelmed by the growing threat landscape
Weird Zimbra Vulnerability
Read Time:1 Minute, 11 Second
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit.
In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The researcher provided the following details:
While the exploitation attempts we have observed were indiscriminate in targeting, we haven’t seen a large volume of exploitation attempts
Based on what we have researched and observed, exploitation of this vulnerability is very easy, but we do not have any information about how reliable the exploitation is
Exploitation has remained about the same since we first spotted it on Sept. 28th
There is a PoC available, and the exploit attempts appear opportunistic
Exploitation is geographically diverse and appears indiscriminate
The fact that the attacker is using the same server to send the exploit emails and host second-stage payloads indicates the actor does not have a distributed set of infrastructure to send exploit emails and handle infections after successful exploitation. We would expect the email server and payload servers to be different entities in a more mature operation.
Defenders protecting Zimbra appliances should look out for odd CC or To addresses that look malformed or contain suspicious strings, as well as logs from the Zimbra server indicating outbound connections to remote IP addresses.
Northern Ireland Police Data Leak Sees Service Fined by ICO
Read Time:8 Second
The ICO blamed the Police Service of Northern Ireland for procedural failings that exposed the personal data of 9843 personnel, putting police officers at risk
LevelBlue: Driving Cyber Resilience in October (and Beyond)
Read Time:2 Minute, 59 Second
As we navigate the rapidly evolving technology landscape in 2024, Cybersecurity Awareness Month, now in its 21st year, highlights the increasing importance of protecting against the evolving threat environment across all areas of a business. This initiative motivates both individuals and entire organizations to adopt essential practices that enhance online safety.
Every October, Cybersecurity Awareness Month focuses on driving a collaborative effort in fostering cyber education, and like in 2023, it promotes the theme – “Secure Our World.”
As a Cybersecurity Awareness Month Champion, LevelBlue continues to show its dedication to this mission, while promoting the importance of cyber resilience among growing opportunities for innovation that might also increase cyber risk. This means simplifying security, aiming to provide always-on services that make governance, planning, resource allocation, and innovation easier than ever without sacrificing cyber protection.
Aligning on Cyber Resilience Goals Among the C-suite
As cybersecurity threats evolve, one of the biggest challenges facing organizations is the misalignment among C-suite leaders – which weakens overall cyber resilience.
The 2024 LevelBlue Executive Accelerator analyzes the dynamics among C-suite executives to better understand issues that prevent risk reduction, stall or complicate compliance, and create barriers to cyber resilience. According to its findings, 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs. This indicates a heightened concern among CISOs about balancing immediate security measures with the practicalities of implementing new technologies and managing resources. That need for tradeoffs suggests that CISOs are struggling to maintain a balance between advancing technological capabilities and ensuring robust cybersecurity measures, potentially leaving organizations exposed to increased risk.
This Cybersecurity Awareness Month, organizations must focus on improved alignment within the C-suite to provide clearer guidance on cybersecurity priorities by fostering a unified approach to risk management and operational resilience. When CIOs, CTOs, and CISOs collaborate closely, they can prioritize investments in cybersecurity technologies that mitigate risks effectively while supporting business objectives. This alignment reduces ambiguity and ensures that resources are allocated strategically, alleviating some of the pressure on CISOs to make unilateral decisions.
Achieving Cyber Resilience with Five Specific Steps
To effectively achieve cyber resilience, LevelBlue promotes five crucial steps that the C-suite and organizations as a whole should take – not only during Cybersecurity Awareness Month, but beyond:
Identify the barriers – This allows organizations to understand unique vulnerabilities and weaknesses in their current systems.
Adopt a “secure by design” approach – Organizations must ensure that security measures are integrated into every phase of product and system development, rather than being an afterthought.
Align cyber investments with business objectives – Resources must be allocated in ways that bolster overall organizational goals while enhancing security posture.
Build a support ecosystem that fosters collaboration and knowledge sharing among stakeholders – This creates a more robust defense against cyber threats.
Transform cybersecurity strategies to be agile and adaptive – This enables organizations to respond to evolving threats effectively, no matter how advanced an attack may become.
During Cybersecurity Awareness Month – and every month following – implementing these steps allows organizations to enhance their resilience against cyber incidents, ensuring not just protection but also the ability to thrive in an increasingly complex digital landscape. This proactive approach, among C-suite alignment, not only mitigates risks but also positions businesses to capitalize on opportunities in a secure manner, ultimately fostering trust among customers and stakeholders alike.
For more information about Cybersecurity Awareness Month and to engage in its various activities throughout the month, visit CISA’s Cybersecurity Awareness Month web page and Stay Safe Online Cybersecurity Awareness Month website.
LevelBlue: Driving Cyber Resilience in October (and Beyond)
Read Time:2 Minute, 59 Second
As we navigate the rapidly evolving technology landscape in 2024, Cybersecurity Awareness Month, now in its 21st year, highlights the increasing importance of protecting against the evolving threat environment across all areas of a business. This initiative motivates both individuals and entire organizations to adopt essential practices that enhance online safety.
Every October, Cybersecurity Awareness Month focuses on driving a collaborative effort in fostering cyber education, and like in 2023, it promotes the theme – “Secure Our World.”
As a Cybersecurity Awareness Month Champion, LevelBlue continues to show its dedication to this mission, while promoting the importance of cyber resilience among growing opportunities for innovation that might also increase cyber risk. This means simplifying security, aiming to provide always-on services that make governance, planning, resource allocation, and innovation easier than ever without sacrificing cyber protection.
Aligning on Cyber Resilience Goals Among the C-suite
As cybersecurity threats evolve, one of the biggest challenges facing organizations is the misalignment among C-suite leaders – which weakens overall cyber resilience.
The 2024 LevelBlue Executive Accelerator analyzes the dynamics among C-suite executives to better understand issues that prevent risk reduction, stall or complicate compliance, and create barriers to cyber resilience. According to its findings, 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs. This indicates a heightened concern among CISOs about balancing immediate security measures with the practicalities of implementing new technologies and managing resources. That need for tradeoffs suggests that CISOs are struggling to maintain a balance between advancing technological capabilities and ensuring robust cybersecurity measures, potentially leaving organizations exposed to increased risk.
This Cybersecurity Awareness Month, organizations must focus on improved alignment within the C-suite to provide clearer guidance on cybersecurity priorities by fostering a unified approach to risk management and operational resilience. When CIOs, CTOs, and CISOs collaborate closely, they can prioritize investments in cybersecurity technologies that mitigate risks effectively while supporting business objectives. This alignment reduces ambiguity and ensures that resources are allocated strategically, alleviating some of the pressure on CISOs to make unilateral decisions.
Achieving Cyber Resilience with Five Specific Steps
To effectively achieve cyber resilience, LevelBlue promotes five crucial steps that the C-suite and organizations as a whole should take – not only during Cybersecurity Awareness Month, but beyond:
Identify the barriers – This allows organizations to understand unique vulnerabilities and weaknesses in their current systems.
Adopt a “secure by design” approach – Organizations must ensure that security measures are integrated into every phase of product and system development, rather than being an afterthought.
Align cyber investments with business objectives – Resources must be allocated in ways that bolster overall organizational goals while enhancing security posture.
Build a support ecosystem that fosters collaboration and knowledge sharing among stakeholders – This creates a more robust defense against cyber threats.
Transform cybersecurity strategies to be agile and adaptive – This enables organizations to respond to evolving threats effectively, no matter how advanced an attack may become.
During Cybersecurity Awareness Month – and every month following – implementing these steps allows organizations to enhance their resilience against cyber incidents, ensuring not just protection but also the ability to thrive in an increasingly complex digital landscape. This proactive approach, among C-suite alignment, not only mitigates risks but also positions businesses to capitalize on opportunities in a secure manner, ultimately fostering trust among customers and stakeholders alike.
For more information about Cybersecurity Awareness Month and to engage in its various activities throughout the month, visit CISA’s Cybersecurity Awareness Month web page and Stay Safe Online Cybersecurity Awareness Month website.