Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
5.0 emerges as a cross-platform ransomware, Salesforce AI agents
are vulnerable to ForcedLeak prompt injection, and China's security agency.
Why its success scares Western agencies.
This is cybersecurity today.
I'm your host, Jim Love. Lockbit is back and it might be more dangerous than ever.
(00:25):
Trend Micro said the new Lockbit
5.0 variant can simultaneously attack Windows, Linux, and VMware
ESXI systems, giving criminals the power to attack entire
enterprise stacks in one campaign.
The Windows version is more dangerous, using techniques like DLL reflection,
(00:47):
where malicious code is loaded straight into memory, making it much harder for
anti-malware to detect and defend against.
The Linux build
lets attackers choose which directories and files to encrypt, and the ESXI variant
goes straight for virtualization hosts at the bare metal hypervisor level, locking
(01:07):
up virtual machines and even encrypting backups, a critical capability that
makes recovery even more difficult.
Compromising ESXI lets attackers hit dozens or hundreds of systems at once.
So an ESXI-targeting strain can magnify the impact far beyond a single endpoint.
(01:29):
And if that weren't enough,
researchers also point out that Lockbit 5.0 has been re-engineered
to run faster, meaning the encryption process can complete
before defenders have time to react.
Speed is now a weapon, shrinking the window for detection and response.
A researcher from Trend Micro put it quite succinctly.
(01:52):
Heavy obfuscation and technical improvements across all variants
make Lockbit 5.0 significantly more dangerous than its predecessors.
Lockbit has also reactivated its affiliate program under a rebranded
and seemingly hardened platform.
Affiliates are the foot soldiers.
(02:14):
They launch attacks using Lockbit's framework while the operators take a cut.
The incentive model has reportedly been refreshed to re-recruit operators
after the group's earlier disruption, and that network is what gives Lockbit
its reach and staying power.
This comes just months after Operation
(02:35):
Cronos, a joint US-UK law enforcement action, seized servers and keys, supposedly
dealing a death blow to Lockbit.
But like the villain in the horror movie, they're back with a new design, speed,
backup VM targeting, and the revived affiliate program that show the group
is determined to reestablish itself.
(03:01):
Salesforce has been taking a beating lately in terms of
security and its AI agents, and now researchers at Noma Security have
discovered another critical flaw,
this one in Salesforce's Agentforce platform, which lets companies spin up
autonomous AI agents to handle CRM tasks.
(03:22):
The issue has been dubbed ForcedLeak, and it carries a CVSS
severity score of 9.4 out of 10.
Attackers plant a malicious instruction into something as ordinary
as Salesforce's Web-to-Lead form.
When an agent later processes that form, it doesn't just log the contact,
(03:43):
it follows the hidden prompt, and that can lead to internal data being
leaked, altered, or even deleted.
Think of it as cross scripting for the AI era.
The Noma team showed they could trick an agent into exfiltrating customer
emails and lead data by abusing a whitelisted but expired Salesforce
(04:06):
domain. As Alan Tron, Noma's CTO, put it:
"We were able to compromise the agent and tell it to do whatever.
It could leak information if we asked, but it could also be asked
to change the information in the CRM, delete databases, whatever."
This is a textbook case of prompt injection, where hidden or malicious
(04:28):
instructions get the AI to override its intended behavior. In consumer tools,
this might make for a funny jailbreak.
In enterprise systems, the stakes are much higher.
A poisoned prompt in a CRM could silently siphon data to an attacker or corrupt
sales pipelines, contracts, and customer histories without anybody noticing.
(04:52):
And it's important to notice that it's not just the AI; it provides an entry
point and allows the exploitation of other problems and weaknesses.
In this case it was how trusted URLs are managed, where an old
URL was left as a trusted source.
When hackers hijacked that URL, they had the ability to
exfiltrate huge amounts of data.
(05:15):
The lesson is: whenever you give an automated AI agent live access to
production data and workflows, you create a new and powerful attack
surface that can help find and exploit weaknesses in your existing security.
Prompt injection is no longer theoretical.
It's moved into core business systems.
(05:37):
We need to treat AI agents like any other sensitive system: inventory
them, restrict their privileges, and monitor for unexpected behavior.
The New York Times is reporting that China's Ministry of State
Security has quietly become one of the world's most effective
(05:58):
cyber intelligence services. Under
Xi Jinping, what was once a loose patchwork of regional hackers and contractors
has been folded into a centralized, disciplined agency that blends traditional
spycraft with modern cyber operations.
And the results are tangible: years of intellectual property theft, large data
(06:22):
exfiltration efforts, and persistent access that Western officials say
could be extremely hard to evict.
One arm of that machine is Salt Typhoon, a group linked by researchers and US
officials to intrusions at telecom and broadband providers. Investigations
found that Salt Typhoon buried into core networks at multiple carriers
(06:47):
with potential exposure of lawful intercept systems, subscriber metadata,
and other plumbing-level assets.
In short, they live in the backbone routers and management systems, the
internet plumbing, which makes their access stealthy and maybe durable.
Britain's MI6 has warned that if China can keep these hidden
(07:08):
access points in place, the threat is enormous. And indicating
just how serious this threat is,
the Times also said that CIA director William J. Burns made a secret trip to
Beijing in 2023 and warned his counterpart of serious consequences if malware
(07:28):
implanted in communications, water, or power systems were ever activated.
That's a stark illustration of how high this now ranks in national security terms.
But here's the most unsettling piece: with the sloppiness reported around
the DOGE programs and the broader consolidation of US data on a handful of
(07:52):
platforms, it's possible, probably likely, that China already holds an enormous
amount of information on all Americans.
The MSS has moved from disorganized hackers for hire to a formidable
state-run engine with systemic reach.
Having this data is powerful at the end of it.
(08:16):
This is not just another espionage story; it's a warning.
Our data architecture and operational sloppiness have
multiplied the consequences of any successful infiltration.
And with the amount of information we can expect China has accumulated,
not only infrastructure is at risk, although that's dangerous enough,
(08:38):
we can only hope that there's a vigorous and effective US
effort quietly underway to evict entrenched access and regain control.
'Cause until that happens, the risk remains severe and unresolved.
And that's our show for today.
You can reach me with tips, comments, and even some constructive criticism.
(09:00):
I try to put some constructive advice where it makes sense, uh, so I'm not just
dropping bad news on you all the time.
But if you out there have tips or ways to avoid or deal with some of these
threats, by all means, send them to me.
technewsday.com.
Go to the contact us form.
Drop me a note. I'm also on LinkedIn.
(09:22):
I'd love to hear from you.
I'm your host, Jim Love.
Thanks for listening.