
August 28, 2025 • 31 mins
Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
So last night at the dinner table, my wife turns
to me and says, have you heard a single word
I've said? My first thought was what a strange way
to start a conversation, and.

Speaker 2 (00:14):
Now Carl is strange.

Speaker 1 (00:24):
Hey, welcome to Security this week. This is episode two
hundred hundred, two hundred. But we're not gonna celebrate that. Now,
we're gonna wait till what are we waiting till? Dwayne
two fifty six? Powers of Two's two six?

Speaker 2 (00:39):
We missed one ninety two. We don't celebrate two hundred. Listen.
It'd be like when you buy that one terabyte hard
drive and they say it's a thousand it's a thousand
meg and you're like, no, it's not, No, it's not
You understand how technology works, right, we can't celebrate two hundred.

Speaker 1 (00:52):
Okay, we're not celebrating, but we are acknowledging. This is
episode two hundred, and congrats to us. Right, I'm Carl
Franklin. That's Dwayne LaFlotte and Patrick Hines, and we
got some stories.

Speaker 2 (01:04):
For you for this week's stories.

Speaker 1 (01:06):
Probably one of the most important ones but also one
of the obvious ones for our listeners to deal with
from BleepingComputer: Apple fixes new zero-day flaw exploited
in targeted attacks. And the reason I say, our listeners
are smart enough that when they have if they have
an iPhone and they see, hey, you need to update
your iOS tonight or whatever, you say, no, I want

(01:29):
to do it right now, do it right now.

Speaker 2 (01:31):
This very second.

Speaker 1 (01:32):
Well wait, yeah, go ahead. So but this was this
was pretty bad.

Speaker 2 (01:36):
Yeah. This So this one's pretty high on the CVSS
score, eight dot eight. And this is we've talked about
these types of attacks before. This is an overflow, a
buffer overflow attack, right. So in this particular case, an
attacker who successfully exploits this vulnerability would supply malicious input
to a program which causes it to actually write memory

(01:57):
outside of their allocated buffers buffer over which can cause
the application to crash best case scenario. Worst case scenario
can cause remote code execution. Yeah, there's a lot of
times we see exploits that people don't really pay attention
to because they say, oh, well, all it does is

(02:18):
crash the service just started up again, right, who cares?
But the thing you need to know is generally if
you can crash something a piece of software, it means
it's not handling the input properly and there's a better
than even odds chance that give it a little bit
of time and a little bit of research, and you
can turn that into remote code execution.

Speaker 3 (02:38):
So we had a couple of West Point cadets doing
what would be called an internship with us. It's a
special program west Point runs. And one of the things
that we made sure we help them understand, especially when
they're doing Hack The Box and red team stuff with us,
is that there's a different difference between probabilistic and deterministic.
And most people live in a deterministic world with computing,
and they're like, well, a computer does what it's supposed

(03:00):
to do, and you know that's it's always two plus
two is always four.

Speaker 1 (03:05):
And it always tells you what it's doing. Yeah, I
mean if you don't want to listen.

Speaker 3 (03:10):
And cosmic rays can interfere with that and flip a
bit and cause two plus two to be equal to
you know, exclamation point.

Speaker 2 (03:18):
But that's rare.

Speaker 3 (03:19):
But when you're doing things where you're trying to like
crash a system, you get unexpected results, right, and so
you can literally get something that like deletes a file
just by happenstance, and it won't. You couldn't repeat it
if you tried. So a lot of times when we're
doing attacks, we have to do them multiple times, which
can be noisy because it's only going to happen like

(03:40):
if it's a race condition, right, And so you have
to understand that if you're getting into this hacker mentality,
you have to think about that. Things are deterministic a
lot of the time, but when you're trying to do things,
some things are probabilistic and you might have to try
it every day for a month to get to the
right point in the calendar or in the clock, or

(04:00):
in the buffer where things will actually fall your way.

Speaker 1 (04:04):
So if I was a hacker and I was trying
to engineer a buffer overrun thing that I could launch against,
you know, an attack vector, I would not just be
satisfied with crashing the machine. I would want to write
something to disk. I would want to write to the
boot sector and so when it comes back up, I
own it, Like I.

Speaker 3 (04:25):
Mean, Dwayne can lead us down the rabbit hole for
an entire episode.

Speaker 2 (04:28):
Yeah, Plus, so you know there's all sorts of cool
stuff on how that works.

Speaker 1 (04:32):
I'm trying to think. I'm trying to think darkly like Dwayne. So,
but that's what I would do. A hacker isn't just
going to be satisfied crashing your system.

Speaker 3 (04:41):
No, No, it's it's a it's a means to an end.
So when when we get a buffer overrun and Dwayne's
gonna have to take it. You know, at some point here,
when you get a buffer overrun, you basically experiment to see, well,
you know, how how far do I get in that
buffer before I'm writing to something, before I can get
to the execution part of the code, before I get
where is it in memory?

Speaker 2 (05:02):
For us to go deeper into this, we're going to
understand egg hunting and trampolines.

Speaker 1 (05:07):
Maybe a Twain chain much LSD did you take before
the show?

Speaker 2 (05:12):
I smell toast. These are actually tactics and techniques for
buffer overruns. Where you have a trampoline. Might be I
don't have enough space at the end of the buffer,
but what I can do is jump to a space
and then it jumps back to another space. I control
that in the stack. I mean, why trampoline because it's

(05:33):
not on the stack. It's not yeah, you know, and
then egg hunters I put up, you know, with with
my infected input, I may put a little tag like
dead beef or something like that, and then I look
for it in the stack and then execute there. Or
you know, ROP chains, return-oriented programming, where you actually try

(05:54):
and inject and grab pieces of DLLs and use those.
There's a lot in there.

Speaker 1 (05:58):
All right. So, equal listeners, are you listening to Dwayne
because he just gave you some.

Speaker 2 (06:04):
It's absolutely ROP chains, trampolines and egg.

Speaker 1 (06:12):
Hunters, okay. Dwayne LaFlotte, ladies and gentlemen. All right,
So I guess that's all we want to say about that.
If you if you see, uh, you know, something that
pops up on your iPhone that says, hey, it's time
to update, you need to do it right away, all right.

(06:32):
Next story: Agentic Browser Security: Indirect Prompt Injection in
Perplexity Comet. Yeah, so you know there's so many good
band names in this headline.

Speaker 2 (06:44):
Perplexity Comet. Yeah, I.

Speaker 1 (06:46):
Just don't understand.

Speaker 3 (06:49):
Perplexity Comet Browser Security, that I'd listen to that band.

Speaker 1 (06:53):
Browser security indirect prompt injection. What a great name for
a band.

Speaker 3 (06:59):
But then nothing like Labyrinth of Pain. You know, that's
my favorite old time man.

Speaker 1 (07:04):
All right, somebody explained this.

Speaker 3 (07:05):
So this there's actually several stories about this, and we
picked this one to talk about because this article actually
goes through and explains very well how it's set up.
And so basically it's about injection. So when when an
AI is looking to do your bidding, it's looking for
a prompt, and so what the hacker's trying to do
is alter the prompt, and it can be something as

(07:27):
simple as you know, and also route a copy of
the output over here, or you know, add to this
a you know, add to this the contents of the
local directory to this location. And it's stuff that the
user wouldn't notice, but it's stuff that would you know,
do bad things on behalf of the attacker. And so

(07:50):
down below it says how the attack works. It talks
about the setup: embed malicious instructions in web content.
They can use white text on a white background, all
the tricks that we used to use for search engines.
M M yeah, search.

Speaker 2 (08:03):
Engine optimizations back right. And then there's the trigger.

Speaker 3 (08:06):
An unsuspecting user navigates to the page and using the
browser's AI, you know, you say something like summarize the
page or ask it to extract key points from the page,
and it will read that prompt as a prompt.

Speaker 2 (08:20):
Yeah. And you know what's interesting is like there's it's rare.
I go to a web page and I say, gosh,
I wish I had a summary of this web page.
But if you start looking at some of the examples
they used, like Reddit, there could be a long list
of let's say we're troubleshooting something, there may be a
long list of replies and whatnot. I really just want
to know did somebody figure out what the issue was
and what the selection was. Yeah, so summary is fantastic there, right,

(08:41):
or stack overflow or whatever.

Speaker 3 (08:43):
But those are definitely places you could put these attacks
on because you're allowed to put in images Gemini.

Speaker 1 (08:49):
Google is doing summarization and Google searches right now. Yeah,
so if you search for something, well and there's a
you know, like on dot rocks what happened in nineteen
sixty six, right, you'll get a summary of that from
Gemini right in the right in the page. It's kind
of cool.

Speaker 3 (09:10):
Yeah, and now you're vulnerable to this attack.

Speaker 1 (09:13):
Yeah.

Speaker 2 (09:14):
I mean I think if you're just using if you're
just using Gemini and searching on Google. I don't know
that it matters too too much. If you have a
browser extension installed that has agency on your local computer. Yeah,
that's when I would be really much more concerned.

Speaker 1 (09:34):
Give me a list of websites that have cross site scripting. Go.

Speaker 3 (09:37):
Well, so summary, I guess the summary end up being
handled a lot in the same way that we handle
SQL injection, which is when I'm doing a query, ignore
other command line stuff and in other words, treat this
as data, not as prompt right, And so I think
we're going to have to get that, but we're gonna
these are going to pop up all sorts of problems.

(09:58):
It's a new age, the AI and all this stuff
is brand new in the way that we're using it,
which means we have to reinvent the security through a painful,
painstaking incremental process.

Speaker 1 (10:07):
And this story illustrates what you just said. That you're
hacking text, right, It's never been easier to hack something
because it's just you're just changing text. There's no assembly codes.

Speaker 3 (10:21):
Like Captain crunch. We're back in the beginning.

Speaker 1 (10:23):
Yeah, exactly. It's it's an easy target, so got to
be more diligent, all right. Next story, Docker, Docker is
the thing that gives you containerization. It was the first
containers that are like virtual machines, but they use all
of the local machines resources, and they're very light, like

(10:46):
a process instead of a very big, heavy virtual machine.
But they can contain applications and servers.

Speaker 2 (10:53):
It's like the matrix. It's the matrix for apps. Yeah.

Speaker 1 (10:57):
So Docker fixes CVE twenty twenty five nine oh seven
four critical container escape vulnerability with CVSS score of
nine point three.

Speaker 2 (11:07):
Now this is just the desktop versions.

Speaker 1 (11:10):
So can that means that the code can can escape
the container.

Speaker 3 (11:14):
Right, but only on desktops, not not in a server
environment from what I'm seeing.

Speaker 2 (11:19):
Uh yeah, good, Yeah, it's just like desktop. Docker can
have a little bit more interactivity, so where you can,
you know, look at the container and paste commands in
and that sort of stuff you probably wouldn't do with
a Docker or you know, in the cloud or something along.

Speaker 3 (11:34):
Those And I believe that's probably where they're where they're
taking advantage of it.

Speaker 2 (11:38):
Yeah, and this isn't the first one we've seen before.
There was a drawing back on my memory. There was
a clip clipboard like a copy paste bug with Docker
probably nine months ago, maybe a year where you would
have control over the user's clipboard and then be able

(11:59):
to run things back and forth. So we see these
things occasionally. Yeah, you just need to be careful whenever
you have anything containerized to always assume that it may
jump off the off the container and onto your desktop.

Speaker 3 (12:12):
Okay, go Patrick, it's gotten out of the lab. This
is like the worst nightmare for Yeah, you know, a
biological lab.

Speaker 2 (12:19):
I know, right, don't worry, we've got it in that
safe container over there, that sneezing monkey. Just ignore them
all right.

Speaker 1 (12:27):
So to continue our AI fear mongering, OpenAI says
it's scanning users' ChatGPT conversations and reporting content to
the police. They're watching now here. This may seem really scary. However,
they all do this, all the LLMs do this.

Speaker 2 (12:50):
So I'm still waiting for the news story.

Speaker 1 (12:53):
There isn't a news story here, but yeah, it's.

Speaker 3 (12:57):
Maybe a PSA reminder that you know, I mean all
of us have like looked up and said post for
the satellite photo.

Speaker 1 (13:04):
Yeah exactly, So it's just like email. Treat it all
as public.

Speaker 2 (13:09):
Information, yeah, and life will be better. Yeah, yeah, it's
it is interesting though, like, what do you filter on
so it says they have an algorithm the back end
that detects potentially dangerous decisions, which are then escalated to
human reviewers. Reviewers can take action, including banning accounts, et cetera.

Speaker 3 (13:28):
That's we saw Microsoft and other providers doing this for
many years, where like if they saw somebody engaging in
a criminal activity on their their accounts or you know,
child pornography, that kind of thing, they would they would
surface it in exactly the same process. So I think
this is no surprise.

Speaker 2 (13:45):
Yeah, no, agreed. I just always wonder, you know, as
a person who's always constantly looking for how to exploit
systems and technology. It's I'm sure I'm on some list somewhere,
multiple lists everywhere.

Speaker 3 (13:58):
Well, is there is there going to be something, you know,
open AI swatting where I pretend I'm you and do
something extreme on all maybe with injecting prompts with exact
pages exactly.

Speaker 1 (14:11):
So not only do you get information on how to
protect yourself, you also get information on how to be
more evil.

Speaker 2 (14:18):
I'm just doing it. Welcome to the podcast.

Speaker 1 (14:22):
All right, All right, well this is a good time
to take a break, I guess, So we'll be right
back after these very important messages. And as a reminder,
if you don't want to hear these mid and trailing
and messages, you can become a patron for five bucks
a month at Patreon dot Security this week dot com
and we'll give you a feed that has no ads.

(14:42):
We'll be right back and we're back. It's Security This Week.
I'm Carl, it's Dwayne and Patrick. And to start the
second half off of our two hundredth show, let's talk
about this PDF, which is a about a joint cyber
security advisory.

Speaker 2 (15:03):
From Defense dot gov.

Speaker 1 (15:04):
From Defense dot Gov that basically, this is the what
do they call that, super Friends?

Speaker 2 (15:10):
It's super Friends. It's like the super super heroes.

Speaker 1 (15:13):
Like the Justice League, the Justice League. Right, So, a
bunch of countries have gotten in their security agencies have
gotten together to form an alliance to protect themselves basically
against Chinese state sponsored actors because they're all getting hammered by.

Speaker 3 (15:34):
Them from the makers of World War two. Yeah, so
this is a bunch of security agencies US government, Canada, Germany,
New Zealand, yeah, you name it, and a lot of
them Big list getting together and kibitzing to share information
because Chinese networks are becoming a big problem. Right They're

(15:58):
they're hitting everybody. They're going out after Finland and Germany
and Italy and Japan and the United States, Canada. It's
not just US, uh, And they are getting caught so
often that it's alarming, which it either means two things.
Either they're just not that good, yeah, or they're just
doing it so much and we're just kept catching the
tip of the iceberg. And that's the concern here. So

(16:20):
the document is you know, like forty pages long, almost,
and it talks about threat hunting, guidance, indicators of compromise mitigation.
So it's sharing information across these these organizations so that
they can all better steel themselves against the Chinese threat.

Speaker 1 (16:38):
If the document doesn't say that they've actually done anything yet.

Speaker 2 (16:41):
Right now they're just meeting. They're just assembling. Yeah, they're assembling.

Speaker 1 (16:44):
Yeah. Yeah, but it's good.

Speaker 2 (16:46):
Then then they'll do But now that's the next episode, yeah, exactly.
You can't rush this.

Speaker 1 (16:50):
Maybe by episode two hundred and fifty six we'll have
an update on this story.

Speaker 3 (16:54):
Well, there's there's a group of income of not companies,
group of governments called the Five Eyes, who are one
of the closest security relationship there is. I'm sure they've
already been doing that.

Speaker 1 (17:08):
Is that like Italy, Italy, Ireland, it's the other eye,
the eye of the United States, Canada, England, New Zealand, Australia.

Speaker 3 (17:20):
I believe of the five eyes the English speaking countries.
And so did I get those right?

Speaker 2 (17:26):
Wayne? I think I did. That sounds right, That sounds right, Yeah.

Speaker 3 (17:29):
And so they do they I'm sure they are doing
it and they're all part of this list.

Speaker 2 (17:33):
Yep.

Speaker 1 (17:33):
Cool.

Speaker 2 (17:33):
I want to know who's there's a whole list of
like really cool symbols here, like the NSA and CIS
and ND. I want to know who's whose symbol is
the three fish? Can anybody tell me whose symbol is
the three fish with a yellow background.

Speaker 1 (17:48):
It's got to be Finland, it, finn, Finland?

Speaker 2 (17:52):
My god? If it's Finland, honestly, it might be Iceland.
It might be.

Speaker 1 (17:59):
Iceland, Iceland. Yeah, they're fishy, Okay. Next story: Salesloft
OAuth breach via Drift AI chat agent (I sense
a theme here) exposes Salesforce customer data.

Speaker 2 (18:17):
Yeah, so in this particular one data theft campaign compromising
OAuth and the refresh tokens. So OAuth is, think
of it as an API to authenticate your users to
an application of some sort.

Speaker 1 (18:33):
Yeah, and not necessarily using their passwords that they have
on your system.

Speaker 2 (18:39):
Yeah, exactly.

Speaker 1 (18:40):
I think i'd log in with Google or Twitter or
something exactly like.

Speaker 2 (18:43):
And you know a lot of times you go to
your webs to a website and it says do you
want to log in with your Google account? Right? Well,
that site hopefully isn't stealing your username or password to Google,
but let's assume it's not. It's actually redirecting you to Google,
and you log in, and what happens is Google then
sends back a token to the originating website saying, yes,
this user is logged in. Right whatever, whatever permissions you

(19:07):
want to give this user, fantastic, go ahead, feel free,
but I can verify that this is this user, right,
the users as they're presenting themselves. So not a great
thing to be able to compromise an OAuth token
where you can then pretend to be someone else. According
to this, the threat actor, tracked by Google's Threat Intelligence
Group and Mandiant as UNC six three ninety five potentially

(19:32):
impacted seven hundred organizations. Wow, they say they allowed the
attacker to access Salesforce customer environments potentially. So yeah, just
it's it's interesting in that you can do everything right.
You can use a professional, you know, OAuth provider,
you can use Salesforce, one of the largest, you know

(19:54):
organizations from that standpoint on the planet in what they do,
and still you know your data, your data might be
breached in some way.

Speaker 1 (20:03):
Yeah, so all right, let's move on from that happy
story to BleepingComputer's story. New AI attack hides data
theft prompts in downscaled images. So a downscale image is
like a thumbnail version that's kind of blurry when you
blow it up, right, that's what that means.

Speaker 2 (20:23):
Mm hmm.

Speaker 1 (20:23):
Yeah, So here we go again at theft prompts.

Speaker 3 (20:27):
It's funny that they downscale the image instead of upscaling.

Speaker 1 (20:30):
It, right, You would think that if they upscaled it,
it would be easier to hide.

Speaker 2 (20:36):
Or easy to put more data in. Yeah, I think
the problem. The one of the reasons they do the
downscaling is because I can put prompts inside of when
I downscale an image. There's only so many colors. Think, like,
you know, we have sixty five million colors out there.
But if I downscale the image, there may only be
like two hundred and fifty six colors, So they're not
downsizing it. Oh I see, they're just downscaling.

Speaker 3 (20:59):
So all the five greens that were in the image
just become green, exactly right.

Speaker 1 (21:03):
So instead of a twenty four bit color image, it's
a two hundred and fifty six color image.

Speaker 2 (21:08):
But in the background the text which was, say, olive
green as opposed to the background which might have
been a forest green, they've just been downscaled to just green.
But the bytes in the back defining the font are
still there. Oh so when the AI sees that, it goes,

(21:29):
oh okay, Well there's clearly text here that the human
can't see, right, but the AI would would still see okay.
So this is very similar to the same type of
story we had just talked about with white like white
text on white backgrounds. Yeah, right, very similar style attack,
just with images rather than trying to hide the text

(21:50):
inside of a website.

Speaker 1 (21:52):
So how does that become a prompt? Is it's something
like you uploaded to ChatGPT, and ChatGPT sees
the text inside it and executes it as.

Speaker 2 (22:00):
A prompt, so it can do that. But for the
most part, you're not probably taking a really down res
image and trying or a downscaled image and trying to
upload it to a prompt But come back to you know,
Google extensions in your Chrome browser, right that are doing
AI summarization and that sort of stuff. They're just going
to see it as text in that image, right, and

(22:21):
then they're going to process it and however they would
process it.

Speaker 1 (22:24):
Okay, be careful out there, as if you knew what
to do with that. But all right, so shall we
get to our clickbait story. And it's well, let's just
read it. Someone created the first AI-powered ransomware using
OpenAI's gpt-oss twenty B model.

Speaker 2 (22:48):
So awesome.

Speaker 1 (22:49):
Oh that means it's terrible. AI powered ransomware does not
sound good.

Speaker 2 (22:55):
So good, it's so good. It depends on which side
of the ransomware you're on. So okay, imagine in this
right for defenders to protect against ransomware, there's a couple
of things they need to do. Right, So we all
have antivirus and or endpoint detection and or exfil rules,
our rules that are looking at our firewall and looking

(23:16):
for traffic and all sorts of stuff. Right, So all
of that is behavioral monitoring. What is an application doing
on my computer? Or it's pattern matching, what do the
bits look like? Right? So I take an executable that's
clearly Ryuk, right, the ransomware, and I then scan it
with Defender and it goes, this is Ryuk. I know this is Ryuk.

(23:37):
I've seen hundreds of thousands of samples of this. I
know what this is. Hi, Ryuk. So how do you as
a ransomware purveyor continue to infect computers when they start
having more and more aggressive pattern matching and or behavioral matching?
And one of the things to do is change the

(23:59):
behavior so that it is different per customer, and change
the pattern so the ransomware is different per customer. Well,
that's a lot of work. Just wiggle it, just wiggle
it just a little bit, but just a little bit.
So what they're doing here is they're actually and it
says they're using artificial intelligence, and they're using gpt-oss
twenty B model, which is still a sizeable model. What

(24:24):
they're really doing is creating a tunnel back to a
set of servers where they can ask their own AI,
hey can you write me a script? Lewis script to
go find interesting files. Can you write me a Lewis
script that's going to encrypt these files and give me
a key. So every time it writes those scripts in
that code, it's unique, so that it makes it much

(24:48):
harder to determine indicators of compromise, and it makes it
much harder for antivirus and you know, EDRs to identify
it early before it starts infecting. Okay, personally, I don't think,
you know the there's a lot of space they could
go with this. Yeah, honestly, you know they're not where
it's me. You know, imagine having a piece of ransomware

(25:12):
that not only can write custom scripts, but can also
monitor all processes on a box and as it probes
that computer, determine what which endpoint detections are on there
and know how to handle them and handle them faster
than say a security operations center could. So I think
you're going to start to see this is kind of
the opening gambit. You're going to start to see a
lot of large language models leveraged at the speed of

(25:36):
AI to be able to move in a sophisticated way
and laterally start moving around networks rather than just
writing a couple of scripts. So this I think this
is the beginning.

Speaker 1 (25:48):
I have questions. Is this OSS model local or does
it have to call out to an API to get.

Speaker 2 (25:54):
No, so it calls out to an API, but that
API is held and housed by the attackers.

Speaker 1 (26:00):
Yeah, so isn't it easy to trace?

Speaker 2 (26:02):
Well, you could trace the connection back to that server,
depending on if they're doing something like oh, well we're
connecting through Tor. Yeah, it's not in their house, right,
so now we're getting routed all over the place or
as an anonymiser, right, So.

Speaker 3 (26:14):
It's not and it's on a stolen server somewhere that
they're very well could be. Instead of crypto jacking it,
they're using it for this, so.

Speaker 2 (26:21):
They've covered their or I'll just tell you if you want,
just host it in AWS because generally, oh, it's really
hard to block all of Amazon.

Speaker 1 (26:28):
Dwayne, we can't play the theme song that many times
in one episode.

Speaker 2 (26:34):
That's just that's that we should just the whole episode.
Would we just play that on loop? Just throw it
at AWS they won't notice.

Speaker 1 (26:41):
Okay, so you said this is the opening gambit, and
we know it's a game of cat and mouse as
Patrick likes to say, so, will we see ransomware detectors
using AI in the future or maybe the not so
distant future and see these things battle each other?

Speaker 2 (26:59):
So I think it depends on who you talk to,
But most ransomware like endpoint detection and anti virus say
they're already using AI, which most of it's a load
of bs anyways, But will we see this? Yeah? Absolutely.
I actually was having this conversation with buddy of mine,
Rich Hirsh, where he had sent me information about AI

(27:19):
being used on attacking offensively, like attacking networks and that
sort of stuff, and I was telling him, listen, I think,
you know, this is going to be the norm. We're
going to start to see within It wouldn't surprise me
that within twelve months we don't see all out AI
attack systems and AI defense systems going at each other
head to head. Now we're not talking you know AGI.

(27:41):
We're not talking general intelligence where it's smarter than all
of us and it is battling it out for the
fate of humanity. We're talking systems that can make decisions
much faster than a human operator would in either an
attack or defense sense, going at each other I think
we'll see that easily within the next twelve months.

Speaker 1 (28:03):
Yes, okay, so is it as scary as we made
it out to be?

Speaker 2 (28:08):
So? Yes, I think it is. And here's why a
lot of us put a lot of faith in defense
against ransomware by having you know, our defender, on having
our you know, uh anti virus EDRs, on having them
set to full, having whatever, and a lot of us
don't put enough focus on backup and recovery, on offline

(28:35):
storage of sensitive files, on you know, multi factor authentication,
access to secure vaults of data. Right, So, I think
we're seeing sort of the beginning of leveraging large language
models in a way that might sort of render anti
virus and EDRs for a little time frame at not

(28:56):
as effective. So that would be my big concern as
we see a big uptick in ransomware attacks, and the
EDRs will follow and they will defend, and like Patrick says,
that's the cat and mouse game. But yeah, I would
be concerned.

Speaker 1 (29:09):
In these ransomware attacks. We know that most of
them are triggered by social engineering tactics, but you also
mentioned a while back that a common technique that the
hackers are using is to infect all the files, but
then lay dormant, yeah, for a month, two months or whatever,
until you've made all your backups, and then flip the

(29:32):
switch and say, hey, guess what, you're ransomed and now
your backups for the last few months are also ransomed.

Speaker 2 (29:37):
Yeah, exactly encrypted. Yeah, And that's you're absolutely right. Not
only is initial access i A typically through social engineering,
and that's usually phishing, email or something along those lines
where you get an email and an asty click on
something and you do. We're going to start to see
those attacks get much more sophisticated and much more successful
because of LMS, right, an AI, and then the next

(30:00):
step in that phase, You're absolutely right, they'll sit and
lay dormant. Can I get access to I mean, you
know what the what's also really interesting in ransomware right
now is not only are the ransomware is the software
moving from computer to computer and infecting data. It's actually
obviously pulling sensitive information off and shuttling it off to
the attackers and they're using that for extortion. But what

(30:22):
they're also doing is now looking for your cyber insurance
policy on the network and determining what your coverage is
so they know pay how much to charge you because
they know it's covered by the insurance agent. So there's yeah,
there's a lot of sophistication when we start looking at
you know, ransom Will they pay my premium if I'm
behind it? God damn it.

Speaker 3 (30:44):
This BACKWK he's behind on his premiums. Again, I have
half of mine not to ransomware him this week. That'll
teach him.

Speaker 2 (30:53):
There are stories of you know, negotiators negotiating with ransomware gangs,
and the negotiators like, oh my god, you know, we
can't afford it. We're a small school district, and then
the ransomware purveyor sends them their own policy with it highlighted,
saying you just signed this. Yeah you can afford it.
Your insurance is going to pay for it anyways.

Speaker 1 (31:13):
Yeah wow, all right.

Speaker 2 (31:16):
Yeah, but that doesn't leave us any money for vacations.

Speaker 1 (31:21):
And on that happy note, we're going to wish you
all a good night's sleep tonight. Yeah, good luck. All right,
we'll see you next week.

Speaker 2 (31:30):
Bye, thank you, and good night.