CISA Fights SQL Injection; Attackers Target AI Framework; NVD Update

I always consider SQL Injection the "least necessary" vulnerability. They are easily prevented, and one of the easier vulnerabilities to identify. The critical SQL injection vulnerabilities reported in many critical enterprise products are an indicator of how "Ship Fast" will always beat "Secure by Design". Use announcements of SQL injection vulnerabilities, in particular repeated and critical vulnerabilities that can lead to code execution, as the canary to tell you to run from a vendor.

We know how to solve most SQL Injections, but there is no reason that this bug should exist. Yet here we are with a developer writing software that concatenates SQL into the parser from the user. This is solvable; let’s solve it.

CISA began issuing Secure by Design alerts in GFY24. This is the fourth such alert. In the short term, the alerts provide useful secure by design principles for product vendors. In the long term, the alerts can be used to build the case for legal liability claims against product vendors that ship vulnerable products.

Don't get distracted by the term "secure by design," it's a mindset that is going to take culture change, like always making sure you're mitigating SQL Injection and XSS risks, most commonly by sanitizing input. This bulletin is more about building the culture and mindset than about the specific techniques to reduce risks of SQL injection. Take ownership of the needed processes and support them from the top. Don't be the subject of the next vulnerability disclosure.

The "rush to AI" led to organizations purchasing rather expensive equipment without knowing how to use them, and without concern as to how to secure them. "Ship Fast" beats "Secure by Design" every day, and who has the money to spare for a $1,000 firewall if you just spent it all on a $100,000 AI "box"? Maybe AI will eventually tell them how to secure these systems. Note that whenever you hear that these systems are infected by crypto miners, what really happened is that these organizations are not sophisticated enough to detect anything else.

Since this is the third AI-flavored item in today’s NewsBites, the point is obvious: much like back when the internet and Windows were built with “need to share” being emphasized over “need to know” or “need to keep running,” AI software and services are on the same trajectory. A good example to show to management is Microsoft’s September 2023 exposure of terabytes of sensitive information by an AI model run insecurely on their own Azure services.

The flaws allow for altering the AI model, grabbing company data, capturing credentials and remote code execution. CVE-2023-480222 has been dubbed ShadowRay by the Oligo group, as the first known instance of AI workloads actively being exploited in the wild through flaws in modern AI infrastructure.

Part of the problem is a 12% budget decrease for NIST. Combine this with a large increase in the number of vulnerabilities and challenges in moving NVD forward to incorporate new standards to identify software. The load of maintaining NVD needs to be better distributed, and the new “NVD Consortium” will hopefully help.

Keep an eye on this: that enrichment/analysis of CVEs is a critical source of information to help triage vulnerabilities. While some security companies started working on alternate sources of this information, the latest version FedRAMP requires cloud service providers to use the NVD as their source of truth and remediate all known vulnerabilities inside it. It is expected that the consortium will not only provide resources but also funding to ensure the analysis process continues in a sustainable fashion.

Consider yourself breached if your Exchange Server has a few unpatched vulnerabilities. These flaws are known and have been exploited. The bigger problem is that the organizations that have not patched their servers probably won’t read this newsletter, so someone may want to alert them.

Close to 40 percent of all Exchange servers operating in Germany are vulnerable to attack. That is eye-popping. Outside of stealing credentials, exploiting known vulnerabilities is the second most used attack technique by cybercriminals. Should any of these organizations fall victim to attack and get hauled into court it will be difficult to argue they maintained a standard duty of care.

It would be naive to believe that this problem is unique to or limited to Germany. That there are that many in one European country is simply a measure of how widespread the problem is.

Surfing the AI wave, NVIDIA’s stock price/market cap/profit has skyrocketed. NVIDIA needs to do what Zoom quickly did when the pandemic caused Zoom use to leap – an immediate “pencils down” stop to new code and firmware development and a in depth code security review to make sure NVIDIA isn’t baking in flaws that will doom AI to “insecure by design.”

ChatRTX is an AI chatbot that runs locally on your RTX 30 and 40 series Nvidia GPU, which is an upside for folks wishing to deploy a local or private AI engine. While the flaws can be mitigated by updating to version 0.2 of ChatRTX, for some reason the flawed version of ChartRTX is also marked version 0.2, so what you really need to do is a reinstall.

Part of AI governance is making sure your company/agency is NOT using AI fraudulently, illegally, or in other risky manners. This includes all use of AI used in service/product delivery and in securing your infrastructure. The SEC does audit claims such as “we use AI-based tools to reduce the risk of another ransomware attack doing what the last three did to us…”

I am not sure what entails AI Washing in this article per se, but does this mean that IT companies could also be liable for these types of claims? What is that AI meme, “We Use AI, but it's just a bunch of if/else statements”?

AI washing refers to a tactic companies use to exaggerate their use of AI technology in their products. This finding is directed at marketing, where AI washing is used to drive sales. I'm not sure we can tell the marketing staff not to exaggerate capability; AI and ML have been in the lexicon too long. Today's focus needs to be on ethical and secure use of AI rather than marketplace position.

Allocate time to review this: it's 447 pages, which is a lot to digest. The required reporting will be exempt from public disclosure, and it's expected this rule will impact over 316,000 entities which are expected to submit over 210,000 reports over the next decade. Other entities already required to report to CISA are bound by similar timelines and conditions. If you're in scope, particularly if you're in the critical infrastructure sector, set aside time to read and comment on this draft.

The most controversial aspect of the rulemaking is the requirement to notify CISA within 24-hours of a ransomware payment. It doesn’t imply the payment is illegal, just that you must notify government (CISA in this case). Stay tuned as positions are taken with an organization’s response to the NPRM.

Agencies will reference this as OMB M-24-10 which refines EO 14110 on the safe, secure and trustworthy development and use of AI, comes with a bit of work which is ongoing. The agency-implemented plans and guidance on AI must be submitted to OMB within 180 days and every two years thereafter until 2036. They are also required to post their plan to achieve consistency with this memorandum or a written determination they don't use the covered AI, aka an exception. Additionally, agencies have to inventory their use of AI, for covered use cases, and report on AI use cases not subject to inventory, these must also be reported annually and posted on their public websites.

Of note is the creation/designation of a Chief AI Officer (CAIO). Government often does this to focus leader attention to the matter. A natural question is the interplay between this role and the roles of CTO and CIO. Over time these roles will likely change.

This is a governance, not a management, requirement. It specifies what must be done but does not prescribe how to do it.