TechRisk #101: LLM Hijacks in AWS
Plus, CISA cloud security directive, Supply chain risk management considerations for 2025, Chainalysis crypto crime report 2025, and more!
Tech Risk Reading Picks
LLM hijacking: On November 26, 2024, Wiz Research identified JINX-2401, a threat actor targeting AWS environments to hijack LLM models using compromised IAM user access keys. Although the attacker held high-level permissions and used sophisticated techniques for privilege escalation and persistence, the attempts to invoke Bedrock models were blocked by Service Control Policies (SCPs). The attack followed a consistent playbook: creation of IAM users and policies with specific naming patterns and a recognisable sequence of API calls, often from Proton VPN IP addresses. Key Indicators of Compromise (IOCs) included IAM usernames matching a specific regex, a policy named "New_Policy" granting Bedrock permissions, and Python-based user agents. Security teams are advised to apply restrictive SCPs that deny Bedrock model invocation to all but approved principals, monitor CloudTrail logs for the known IOCs (including denied InvokeModel calls, which signal an attacker who already has credentials), inventory AI models for irregularities, and deploy detection rules for anomalous access patterns associated with LLM model hijacking. [more]
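To make the recommended controls concrete, here is an added example (not Wiz's code and not part of the original write-up) that pairs a deny-by-default SCP for Bedrock invocation with a small CloudTrail hunt for the IOC categories above. The username regex, the "New_Policy" name, the Python user-agent prefixes, the approved role name and the sample CloudTrail records are all assumptions or constructed data modelled on the categories in the report, not the published indicator values.

```python
"""LLM-hijack hunt over CloudTrail plus the SCP that blocks Bedrock invocation.
Added example; IOC patterns, role name and sample records are assumptions."""
import json
import re

# Assumed IOC patterns (illustrative, not the published Wiz indicators).
SUSPECT_USER_RE = re.compile(r"^(bedrock|ai|llm)[-_]?(user|svc)?\d*$", re.I)
SUSPECT_POLICY_NAME = "New_Policy"
PYTHON_UA_RE = re.compile(r"^(Boto3|python-requests|aws-cli)/", re.I)
BEDROCK_INVOKE = {"bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"}

# Deny-by-default SCP: only the approved role (name assumed) may invoke models.
BEDROCK_GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyBedrockInvokeExceptApprovedRole",
        "Effect": "Deny",
        "Action": sorted(BEDROCK_INVOKE),
        "Resource": "*",
        "Condition": {"StringNotLike": {
            "aws:PrincipalArn": "arn:aws:iam::*:role/ApprovedBedrockApp"}},
    }],
}


def scp_denies(scp, action, principal_arn):
    """Minimal evaluator: Deny statements with a StringNotLike aws:PrincipalArn condition."""
    for st in scp["Statement"]:
        if st["Effect"] != "Deny" or action not in st["Action"]:
            continue
        pattern = st.get("Condition", {}).get("StringNotLike", {}).get("aws:PrincipalArn")
        if pattern is None:
            return True  # unconditional deny
        # Translate IAM wildcards (* and ?) into a regex and test the principal.
        regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
        if not re.match(regex, principal_arn):
            return True
    return False


def policy_grants_bedrock(policy_document):
    """True if any Allow statement grants bedrock:* or a Bedrock invoke action."""
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = doc.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        for a in [actions] if isinstance(actions, str) else actions:
            if a == "*" or (a.startswith("bedrock:") and (a.endswith("*") or a in BEDROCK_INVOKE)):
                return True
    return False


def flag_event(ev):
    """Return the IOC categories a single CloudTrail record matches."""
    hits = []
    params = ev.get("requestParameters") or {}
    name = ev.get("eventName")
    if name == "CreateUser" and SUSPECT_USER_RE.match(params.get("userName", "")):
        hits.append("iam-user-naming-pattern")
    if name in ("CreatePolicy", "CreatePolicyVersion"):
        if params.get("policyName") == SUSPECT_POLICY_NAME:
            hits.append("suspicious-policy-name")
        if policy_grants_bedrock(params.get("policyDocument", "{}")):
            hits.append("policy-grants-bedrock")
    if ev.get("eventSource") == "bedrock.amazonaws.com" and PYTHON_UA_RE.match(ev.get("userAgent", "")):
        hits.append("bedrock-call-python-ua")
        if ev.get("errorCode") == "AccessDenied":
            hits.append("bedrock-invoke-blocked")  # SCP worked, but the key is compromised
    return hits


def scan(events):
    """Map eventID -> IOC hits for every record that matches at least one category."""
    return {ev["eventID"]: h for ev in events if (h := flag_event(ev))}


# Constructed CloudTrail records (not real telemetry); shape follows CloudTrail JSON.
SAMPLE_EVENTS = [
    {"eventID": "evt-1", "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "sourceIPAddress": "203.0.113.7", "userAgent": "Boto3/1.34.0 md/Botocore#1.34.0 ua/2.0 os/linux python/3.11",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/compromised-dev"},
     "requestParameters": {"userName": "bedrock-user2"}},
    {"eventID": "evt-2", "eventSource": "iam.amazonaws.com", "eventName": "CreatePolicy",
     "sourceIPAddress": "203.0.113.7", "userAgent": "Boto3/1.34.0 md/Botocore#1.34.0 ua/2.0 os/linux python/3.11",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/compromised-dev"},
     "requestParameters": {"policyName": "New_Policy", "policyDocument": json.dumps(
         {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["bedrock:*"], "Resource": "*"}]})}},
    {"eventID": "evt-3", "eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModel",
     "sourceIPAddress": "203.0.113.7", "userAgent": "python-requests/2.31.0", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bedrock-user2"},
     "requestParameters": {"modelId": "anthropic.claude-3-5-sonnet-20240620-v1:0"}},
    {"eventID": "evt-4", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "sourceIPAddress": "198.51.100.9", "userAgent": "console.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:role/Admin"}, "requestParameters": None},
]

if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_EVENTS).items():
        print(event_id, hits)
    print("user blocked:", scp_denies(BEDROCK_GUARDRAIL_SCP, "bedrock:InvokeModel",
                                      "arn:aws:iam::123456789012:user/bedrock-user2"))
```

Running the script against the constructed records flags the user creation, the policy creation (both by name and by the Bedrock grant it carries) and the denied Python-agent InvokeModel call, while the console EC2 call is ignored; the SCP evaluator shows the same call denied for the IAM user but permitted for the approved role. In production the record source would be a CloudTrail Lake or S3 query rather than an inline list, and the denied InvokeModel hit deserves an alert of its own, since it means a valid credential is already in an attacker's hands.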
Risk of using AI agents: By 2025, personal AI agents resembling unpaid assistants will seamlessly integrate into daily life, knowing schedules, preferences, and social circles while using voice-enabled interaction to foster a sense of intimacy and trust. However, beneath their humanlike facade lies a system designed to serve corporate interests, subtly shaping what we buy, where we go, and how we think. These "manipulation engines" may exploit human vulnerability, particularly in an age of loneliness, creating personalized algorithmic realities that appear to cater to individual desires but instead steer perceptions and choices imperceptibly. [more]
LLM-generated malware variants could evade detection better: Cybersecurity researchers have shown that large language models (LLMs) can be used to generate variants of malicious JavaScript that evade detection. While LLMs struggle to write malware from scratch, they are effective at rewriting existing code with obfuscation techniques such as variable renaming and junk code insertion, which degrades the accuracy of machine learning (ML) malware classifiers and produces more natural-looking variants than conventional obfuscation tools. Separately, academic researchers have demonstrated TPUXtract, a side-channel attack that recovers model hyperparameters from Google Edge TPUs, and have shown that ML-based scoring systems such as the Exploit Prediction Scoring System (EPSS) can be manipulated through adversarial inputs to mislead security prioritization. These developments highlight the dual-use nature of AI in cybersecurity, creating new challenges for defenders and new opportunities for attackers. [more][more-unit42research]
Risk of cloud complexity: The adoption of cloud technology has revolutionized business operations with its scalability and innovation potential, but it also introduces complex security challenges, often referred to as the “ghost in the machine.” These threats exploit the dynamic and fragmented nature of cloud environments, leveraging identity compromises, misconfigurations, and automation to evade traditional detection. Security teams face hurdles from disjointed tools, limited visibility, and overwhelming data, creating vulnerabilities attackers exploit. To combat these issues, organizations must adopt integrated platforms, centralized visibility, real-time analytics, and automated detection methods. By layering behavioral analysis, anomaly detection, and threat intelligence within unified systems, businesses can transform cloud complexities into secure, resilient environments and stay ahead of evolving threats. [more]
CISA cloud security directive: The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01 to bolster the security of federal cloud services by requiring civilian agencies to identify cloud tenants, implement assessment tools, and adhere to secure configuration baselines outlined in CISA’s Secure Cloud Business Applications (SCuBA) framework. Prompted by recent incidents highlighting risks from misconfigurations and weak controls, the Directive aims to mitigate threats such as unauthorized access and data exfiltration. CISA Director Jen Easterly emphasized the increasing threat to cloud environments and urged all sectors to adopt similar practices. CISA will oversee compliance, offer resources, and leverage its authority to reduce cyber risks and enhance resilience across federal agencies. [more]
[more-CISA_BOD_25-01_Directive]
[more-CISA_BOD_25-01_SCuBA_guide]
[more-CISA_BOD_25-01_Guide_M365]
Supply chain risk management considerations for 2025: Israel's September pager attacks, which weaponized pager batteries to injure thousands in Lebanon, highlight the critical risks of supply chain vulnerabilities in an era of escalating cybercrime and zero-day exploit usage. To mitigate these threats, organizations must prioritize rigorous supplier validation, including compliance with global standards, evidence-backed resilience measures, and secure-by-design principles. Limiting third-party data access through zero-trust frameworks and robust encryption reduces attack surfaces, while adopting an "assumption of breach" mindset ensures thorough preparation with agile incident response plans, regular drills, and updated vendor contacts. These proactive measures are essential for securing supply chains and protecting critical infrastructure in 2025. [more]
Web3 Cryptospace Spotlight
Chainalysis crypto crime report 2025: Crypto hacking in 2024 reached unprecedented levels, with $2.2 billion stolen—a 21% YoY increase—and 303 incidents, marking the fifth year surpassing $1 billion in losses. The shift in hacking targets from decentralized finance (DeFi) platforms to centralized services, as seen in major breaches like DMM Bitcoin ($305 million) and WazirX ($234.9 million), underscores vulnerabilities in private key management. North Korean-linked hackers played a dominant role, stealing $1.34 billion across 47 incidents, funding state-sponsored programs. However, DPRK's hacking activity notably declined post-July, coinciding with geopolitical developments. Emerging predictive technologies like Hexagate show promise in preempting attacks, emphasizing the need for robust security, collaboration, and adaptive measures to address evolving threats in the crypto ecosystem. [more]
Blockchain will be PQ ready: Quantum computing advancements raise concerns about the potential to break the elliptic-curve signatures that protect Bitcoin funds, but experts believe the transition could ultimately strengthen the network. Google's quantum chip, Willow, demonstrates significant progress but, at 105 qubits, remains far from the roughly 13 million qubits estimated to be needed to threaten Bitcoin's security. Blockstream co-founder Adam Back reassures that practical quantum threats are decades away, while advocating future integration of post-quantum signature schemes to enhance resilience. Meanwhile, Ethereum co-founder Vitalik Buterin has proposed proactive measures, such as a hard fork, to mitigate the risk. Overall, the industry is preparing for a quantum future while looking at how the technology could improve blockchain security. [more]
MacOS Stealer Trojan open-sourced: SlowMist CISO 23pds warned on X about heightened threats to cryptocurrency security due to the open-sourcing of the MacOS Stealer Trojan. Previously sold for 1 BTC, the now freely available attack code could empower more malicious actors, enabling complex, covert methods and escalating risks to crypto assets. [more]
Web3 Operating System: Over the past three years, the Web3 and blockchain industries have matured significantly, showcasing immense potential in areas like DeFi, GameFi, decentralized exchanges, NFTs, and metaverses, despite challenges like complexity, poor user experience, and limited accessibility hindering mass adoption. Addressing these issues, verseOS emerges as an innovative Web3-native operating system offering a unified ecosystem, pre-installed tools, developer-friendly integration, and a transparent, open-source approach. It simplifies Web3 interactions while enhancing security, speed, privacy, and decentralization, making Web3 more accessible and sustainable for both users and developers. By integrating core Web3 principles into its foundation, verseOS aims to drive widespread adoption and empower the next phase of the digital economy. [more]