AI generated malware, Rackspace confirms ransomware, Meta Oversight Board rules on cross-check
Are we in the age of AI generated malware?
We covered yesterday that Stack Overflow temporarily banned the submission of code created with generative AI, specifically OpenAI’s ChatGPT. Given that the system can write code, computer security researcher Brendan Dolan-Gavitt looked into whether it could also create malicious code. He asked ChatGPT to solve a capture-the-flag challenge, and the output contained code exploiting a buffer overflow vulnerability. The challenge was a basic student exercise, and Dolan-Gavitt noted the generated code contained a basic error in how it handled character inputs. He cautioned that in its current form ChatGPT’s capabilities remain limited, but that another model in the next few years would likely be quite capable.
Rackspace confirms ransomware attack
The cloud computing provider confirmed that a ransomware attack caused its ongoing Hosted Exchange outage, but described it as an “isolated disruption.” It became aware of suspicious activity on December 2nd and took measures to isolate the Exchange environment. It began an investigation into “what, if any, data was affected” and will notify any impacted customers. Its other products and services remain fully operational. No word yet on which ransomware group orchestrated the attack.
Meta Oversight Board rules on cross-check system
Meta’s Oversight Board released a report on Facebook and Instagram’s cross-check system, its moderation process for high-profile public figures that sends posts for human review rather than Meta’s AI-focused moderation. The board found that while Meta maintains “cross-check aims to advance Meta’s human rights commitments, we found that the program appears more directly structured to satisfy business concerns.” It also found the system “allows content which would otherwise be removed quickly to remain up for a longer period, potentially causing harm.” On average, content going through cross-check remained up for five days while under review. In one instance, a piece of content stayed online for seven months. The board recommended hiding posts in cross-check marked as “high severity” while in review, providing a separate queue for business partners and “expression that is important for human rights,” and setting out public criteria for inclusion in cross-check.
UK finalizes crypto regulations
The Financial Times’ sources say the UK Treasury has finalized plans for reforms to the cryptocurrency industry in the country. These would reportedly empower the Financial Conduct Authority to more broadly oversee cryptocurrency businesses, monitoring how they operate and advertise. The reforms would also place restrictions on foreign firms selling into the UK. The Treasury plans to launch a consultation period on the new rules with industry actors. The overall reforms would be part of the financial services and markets bill making its way through parliament.
Thanks to today’s episode sponsor, PlexTrac
TikTok national-security deal delayed
The Wall Street Journal’s sources say the deal had looked set to close by the end of 2022, but now the review will likely drag on. Concerns center on how TikTok could share information related to its vaunted content-recommendation algorithm and the overall level of trust the US would need to place in the company. The Committee on Foreign Investment in the U.S. sent no additional conditions on the deal to TikTok, so a path forward remains unclear. Both sides still agree that Oracle will store TikTok’s US user data. Any deal would also need approval by the Chinese government. Sources say TikTok owner ByteDance has not yet consulted China about any potential US deal.
(WSJ)
SCOTUS rejects cybersecurity patent case
The US Supreme Court declined to hear an appeal by Centripetal Networks in its cybersecurity patent dispute with the networking giant Cisco. The dispute dates back to a 2018 lawsuit in Virginia, with Centripetal alleging Cisco infringed on its network-security IP. U.S. District Judge Henry Morgan ruled in 2020 that Cisco had infringed, awarding Centripetal $2.7 billion in damages and royalties owed. The U.S. Court of Appeals for the Federal Circuit threw out the award because Judge Morgan’s wife owned 100 shares of Cisco stock during the initial case, something the judge disclosed at the end of the case. The Supreme Court decided not to hear an appeal of that reversal.
(Reuters)
The PRoot of the crypto mining problem
Security researchers at Sysdig report that they observed threat actors using the open-source tool PRoot as part of a new breed of “bring your own filesystem” attack. The tool lets attackers package a working environment that runs consistently across Linux distributions, so the malware behaves the same even when the targets are built on different architectures. We’ve seen cross-platform malware become an increasing point of emphasis among threat actors, but this usually comes from writing it in a programming language like Rust: because such binaries are statically compiled, they don’t require external libraries, making deploying and obfuscating them even easier. Sysdig saw threat actors frequently using this PRoot technique to launch the XMRig crypto-miner.
Chinese threat actors target Middle East telcos
According to a new report from Bitdefender researchers, the Chinese-linked APT BackdoorDiplomacy has been operating a campaign against telcos in the Middle East since August 2021. The campaign sought to exploit the ProxyShell flaw in Microsoft Exchange Server. After gaining access, the threat actors moved laterally across the network, conducting reconnaissance and harvesting data. Starting in February 2022, the group pivoted to using the Quarian backdoor, in addition to other bespoke tooling. This appears consistent with prior activity monitored from the group: ESET reported it operating campaigns in June 2021, targeting telcos and diplomatic entities in Africa and the Middle East.