TechRisk #75: AI autonomously exploits zero-day vulnerabilities
Plus: growing attacks on AI systems, the Microsoft and Tenable Azure Service Tags security debate, a DeFi firewall service and more!
Tech Risk Reading Picks
AI autonomous hacking agents: The recent research findings demonstrate a significant advancement in AI-driven cybersecurity. Using GPT-4, researchers were able to exploit both known vulnerabilities (one-day or N-day) and previously unknown zero-day vulnerabilities. By employing a Hierarchical Planning with Task-Specific Agents (HPTSA) approach, which functions like a boss-subordinate structure, the system efficiently coordinates multiple AI agents to identify and exploit vulnerabilities. Compared to a single AI agent, this approach showed a 550% increase in efficiency and successfully exploited 8 out of 15 zero-day vulnerabilities. However, there are concerns about the potential misuse of such technology for malicious purposes. Researchers caution that the AI models alone are insufficient to understand their capabilities fully and cannot autonomously hack without human intervention. This emphasizes the importance of ethical and responsible use of AI in cybersecurity. [more][more-paper]
Microsoft and Tenable debate over Azure Service Tags vulnerability: Microsoft and cybersecurity firm Tenable are at odds over a reported vulnerability in Microsoft Azure. Tenable claims attackers could exploit a flaw in Azure Service Tags to bypass firewall rules, potentially accessing company resources. Microsoft disputes this, stating Tenable misunderstood the purpose of Service Tags and emphasizing the need for authentication in web requests. Tenable maintains the vulnerability exists, suggesting authentication as an additional layer of security but not a complete solution. Microsoft advises adding authentication tokens to HTTPS headers for enhanced security. [more][more-tenable]
Growing concern of Cloud risk: Only about 45% of organizations regularly audit their cloud environments for security, which is concerning given the increasing reliance on multi-cloud platforms. Many rely on automated tools or native security offerings from cloud providers. Paul Hadjy of Bitdefender stresses that businesses need to take more responsibility for cloud security. Top concerns include identity management, compliance, shadow IT, and human error. [more]
Quantum Risk: At the 2024 Cyber Security in Financial Services Summit in London, Zygmunt Lozinski, IBM's Global Lead of Quantum Safe Networks, discussed the changing cybersecurity landscape. He noted that quantum computing poses a significant threat to current cryptographic methods, urging proactive measures. Efforts led by NIST are underway to develop quantum-safe cryptographic algorithms. Organizations, especially in finance, are urged to start transitioning their cryptographic infrastructure early to avoid vulnerabilities. Regulatory bodies are supporting this transition. It's not just about changing algorithms; the entire IT ecosystem must be made quantum resilient. While quantum computing's impact on cybersecurity is still unfolding, early planning is crucial. Continuous monitoring and updating strategies are necessary to stay ahead. Overall, a proactive and comprehensive approach is needed to ensure cybersecurity in the quantum era. [more]
Growing attacks on AI systems: In recent times, there's been a surge in attempts to compromise AI systems, as highlighted by a case where a consulting firm, Protiviti, helped a client fend off a hacker trying to manipulate their AI data. While these attacks are still relatively rare, experts predict they'll become more common. The National Institute of Standards and Technology (NIST) outlined four types of AI poisoning attacks, each with varying degrees of impact. These attacks could come from both insiders and external hackers, with nation-states posing significant risks due to their resources. Motivations for such attacks include disruption, data theft, or extortion. Tech companies developing AI systems are likely primary targets, but organizations using these systems can also be affected, as seen in a recent case where malicious AI models were uploaded to a public repository. Despite rising concerns, many organizations lack preparedness against AI poisoning attacks. Detection and response mechanisms are often inadequate, with a lack of expertise in securing AI technology. Detecting such attacks is challenging due to the dynamic nature of AI systems, making traditional security measures insufficient. [more]
Web3 Cryptospace Spotlight
DeFi Firewall free tool: Ironblocks, a blockchain security firm, has released a free tool called Firewall to help developers secure their smart contracts in decentralized finance (DeFi) protocols. This tool allows developers to easily implement various security measures to monitor transactions for suspicious activity. Firewall aims to prevent attacks by identifying and halting potentially malicious transactions in real time. The tool is currently being used by several prominent projects including Linea, AltLayer, and Kinto, with more expected to join. While Ironblocks doesn't directly profit from Firewall's usage, it serves as a precursor to their other cybersecurity products like the upcoming "Venn Security Network." By allowing developers to make changes to their security measures post-deployment, Firewall offers a flexible solution in an ecosystem where fixing vulnerabilities can be challenging due to code immutability. [more]
Authorities returned seized tokens from the Ronin network hack: The Norwegian government has seized and returned $5.7 million connected to a major cyber-attack on the Ronin network, crucial to Axie Infinity, a web3 game. This marks a global push against cybercrime in cryptocurrency. The hack, linked to Lazarus Group, led to a $600 million loss in March 2022. Norwegian authorities, with support from the FBI and blockchain experts, orchestrated the successful recovery, highlighting international cooperation in cybersecurity. [more]
Swiss crypto exchange lost $22M: Lykke, a Swiss crypto exchange, suffered a cyberattack resulting in a loss of over $22 million in digital assets, disclosed on June 4. SomaXBT, a web3 security researcher, revealed the exploit before Lykke's statement, detailing the withdrawal of 158 BTC and 2161 ETH by an unknown entity. Lykke shut down affected systems, addressed security lapses, and assured users of fund safety, citing strong capital and a diverse portfolio. They initiated a criminal investigation and hired a cybersecurity firm to recover stolen assets. The exchange apologized for the inconvenience and kept operations suspended as a precaution. [more]
UwU Lend lost approximately $20M: Cyvers Alert, a blockchain security firm, uncovered a major exploit on the DeFi lending platform UwU Lend, resulting in a loss of around $20 million. The attacker utilized the Tornado Cash crypto mixer to fund their wallet. The exploit was attributed to a price oracle issue, according to PeckShield. Despite the incident, UwU Lend saw a surge in total value locked (TVL) by 135% in the last 24 hours, with over 82,000 ETH ($305 million) currently locked. UwU Lend, founded by Michael Patryn, offers liquidity provision and borrowing services in a collateralized manner. [more]
OKX SIM swap attack: The OKX cryptocurrency exchange and security partner SlowMist are investigating a significant exploit resulting in the theft of two user accounts through an SMS attack, also known as SIM swapping. While the exact amount stolen remains unclear, it's reported as "millions of dollars." The attackers managed to create a new API Key with withdrawal and trading permissions, suggesting a sophisticated operation. While the investigation is ongoing, it's suggested that the exchange's two-factor authentication (2FA) mechanisms might not be the primary vulnerability. Despite OKX's 2FA, attackers were able to switch to a lower-security verification method, enabling them to whitelist withdrawal addresses via SMS. This exploit underscores the evolving tactics of hackers, as seen in a recent incident where a trader lost $1 million to a scam utilizing a Chrome plugin that steals user cookies to bypass passwords and 2FA. [more]