On January 20, 2025, a new open-source AI model was released to the public from Chinese tech startup DeepSeek, available for use in apps, on a web page, via cloud API, and locally. The new R1 model represents a jump in functionality at an ostensibly lower cost and higher energy efficiency relative to comparably capable models such as o1 made by OpenAI, specifically involving "reasoning" to consider approaches when problem-solving, and "time test scaling," described by Rand Researcher Lennart Heim as "thinking out loud," which the model then uses for further training without additional data sources. DeepSeek's privacy policy notes that the company collects and will use many types of data to train new models, such as text, audio, prompts, feedback, and chat history shared with the chatbot; user account information and personal details; data about users' devices, operating systems, crash reports, keystroke patterns, cookies, and IP addresses; and advertising data such as mobile IDs and cookie identifiers for profiling users' activity outside the AI model. Unless users are operating a local walled version, DeepSeek sends collected data to servers in the PRC. On Monday, January 27, the company announced that new signups on the web chatbot interface would be limited due to "large-scale malicious attacks." Commentary from experts suggests that the company's notice is characteristic of a DDoS attack, but this has not been confirmed by DeepSeek. The same day, researchers from Kela published a blog post describing their red team's success "jailbreak[ing] the model across a wide range of scenarios, enabling it to generate malicious outputs, such as ransomware development, fabrication of sensitive content, and detailed instructions for creating toxins and explosive devices." Techniques such as telling the chatbot to act like an "evil confidant," or even "a persona that has no restrictions," will jailbreak DeepSeek R1, but no longer work on ChatGPT.
R1 also complied with a request for personal information about OpenAI employees, providing erroneous information but demonstrating no guardrails around this type of request.
As the newest industry member in the LLM space, one can expect it to be poked and prodded by researchers, competitors, and criminals alike. What's important is for organizations to have an AI Acceptable Use Policy and training in place before using the AI models. Else, they may find that company sensitive data has been collected on servers throughout the world.
I was about to suggest "use with extreme caution." However, on second thought I cannot think of a safe way to use this product. In any case, keep in mind that you are responsible for everything that you ask any computer to do and for all the properties and uses of the results.
DeepSeek is massively undercutting OpenAI on pricing, due to it operating on standard CPUs efficiently, as its API costs just $0.55 per million input tokens and $2.19 per million output tokens, compared to $15 and $60 for OpenAI's API. One problem is that DeepSeek servers, which also house user device and connection information, usage patterns and payment details, fall under China's 2017 National Intelligence law, which mandates Chinese companies assist state security agencies upon request, providing a potential data conduit for the PRC. DoD and other agencies are already blocking access to the service because of this. Secondarily, if you're looking to research the service, DeepSeek appears to have certain responses tuned to avoid any direct criticism of China or the Communist Party.
This model is interesting because, by definition, it must be developed with very constrained systems. At the same time, in the US, we keep adding more and more GPUs, so the constraints didn't necessarily have to be accounted for. The model is open source so that anyone can read through the algorithm and all that. Am I worried about this? This could be a bit of posturing from other governments to 'prove' they have the right chops. I think universally, everyone benefits. Now, to address the security concerns. Every company in the PRC has to abide by all the laws of their system, including the ones that ByteDance has. It's not surprising that information is collected. We can move that entire conversation into geopolitical in a different forum, so that's not exciting. DDoS? It's hard to say it's plausible; it could also be plausible that the entire internet is trying to sign up. If you remember, ChatGPT, when first launched, also appeared to be DDoSed. It's hard to say because the transparency with systems in that country is less than - well - transparent. Finally, the attackers' research. It appears this hosted Chatbot lacks many of the guardrails that other more mature chatbots have. It's not surprising to see all of the workarounds working. It will be interesting to see if it has to abide by any censorship guidelines and if those are now in place. How about we give this story 6 months to bake, return to it, and take the temperature then? For those just getting here, if you wonder about my stance on all this, I have some Bored Apes you may be interested in for 25 million dollars. I'm just kidding; this technology has some material use. RIP my inbox.
AP
Wired
Wired
The Register
SecurityWeek
Kela
The Hacker News
ENGlobal, a Texas-based "single source company providing Engineering, Procurement, Fabrication, Construction Management, Modular Process Systems, [and] Integration & Automation for EPFCm projects," holding major contracts with US federal agencies and private companies, has submitted an amendment (Form 8-K/A) to its previous report filed with the US Securities and Exchange Commission (SEC), disclosing additional details about a ransomware attack that took place in November, 2024. The attack reduced ENGlobal's access to its operational applications, including financial and operating reporting systems, for about six weeks, and gave the threat actor access to a system containing "sensitive personal information," though the report does not specify the scope of the breach nor whose information was accessed. ENGlobal "intends" to notify any possibly affected parties, and does not believe the incident had or will have a material impact on the company.
If I was the CEO of a company that had certain systems go down for 6 weeks without causing a material impact, I'd look at turning those systems off permanently to gain positive material cost savings.
This is an interesting story, as many people think we don't make much in the US anymore. We will build more factories in the US if we start to re-shore factories. There will be many geopolitical reasons, one of which may be population density. If you are in Info Security, consider looking at the security of these factory floor operations as a niche, because the number of factories has increased in the last few years and will continue. This is also a geopolitical story, so bear in mind that this will also apply to countries like Vietnam, countries in Africa, Mexico, Central America, and India.
A study from Illumio Research finds that Ransomware remediation is now taking an average of 132 hours (17 working days), requiring 17.5 people and that 58% of organizations had to shut down operations after an attack, which is up from 45% in 2021. It further found that costs from reputation and brand damage exceed those from legal and regulatory actions. Lastly, failure to prioritize investments to boost resilience is impacting the ability to identify and contain attacks. Revisit your Ransomware response/recovery plans with an eye to these findings: https://www.globenewswire.com/news-release/2025/01/28/3016416/0/en/Illumio-Research-Reveals-58-of-Companies-Hit-With-Ransomware-Have-Been-Forced-to-Halt-Operations.html
The slow drip of information on a cyber incident only helps the adversary. Nearly 90 days later, parties that lost their sensitive personal information are still waiting to be notified by the company. It really doesn't appear that SEC cyber rule changes have made any difference, other than informing the federal government.
Another instance in which the compromise of PII, though an obvious problem, is dwarfed by the loss of mission-critical applications and capabilities.
The term 'unforgivable vulnerabilities' was coined by Steve Christey in a 2007 MITRE paper; they are described as 'beacons of a systematic disregard for secure development practices. They simply should not appear in software that has been designed, developed, and tested with security in mind.' In a research paper published earlier this week, the UK's National Cyber Security Centre (NCSC) 'proposes a method that allows security researchers to assess if a vulnerability is 'forgivable' or 'unforgivable'. The method outlined in the paper effectively quantifies how easily the mitigations required to manage the vulnerability could be applied.' The NCSC identified 11 top-level mitigations that include, but are not limited to, input validation, output encoding, reducing the attack surface, sandboxing, and separation of privilege, assigning each an 'ease of implementation' score. The mitigations were identified as means to address 'the root cause of vulnerabilities (opposed to the details provided in the individual vulnerability advisory), using the CWE Top 25 Most Dangerous Software Releases for 2023.'
I've always summarized papers like this with one line: "If companies buy crappy software, vendors will write even crappier software." This paper puts it more eloquently: 'Put simply, if the majority of customers prioritise price and features over 'security', then vendors will concentrate on reducing time to market at the expense of designing products that improve the security and resilience of our digital world.' In Roman times 'caveat emptor' (buyer beware) put all the onus on the buyer to make sure the ox being bought was not diseased, and in 1603, Britain put that in their contract law. But in 1979, the UK came out with the Sales of Goods acts (updated in 2015) that gave buyers redress for 'perishable' goods that were already perished when sold - kinda like much software today! Here's an idea: if we have broad political support in the US to ban Tik Tok over security concerns, how about banning the many, many applications with 'unforgivable' vulnerabilities that cyber criminals are exploiting every day?
Unforgivable vulnerabilities are those which represent a disregard for secure development practices, of which the paper identifies thirteen, initially identified by Mitre in 2007. The 11 mitigations are intended to manage the occurrence of these vulnerabilities. In addition to unforgivable, two other categories of vulnerabilities are identified: forgivable, where the implementation is expensive, unknown, subtle, or mitigation is too expensive; and non-exploitable where there is no code path to exploit it, it has been mitigated, or it is unlikely chaining vulnerabilities will result in exploitation. In 2017 it was found that software source code in systems doubles every 3.5 years due to user demands for added functionality as well as increased processing capacity to handle the increased functionality, which results in a similar increase in the number of defects, highlighting the need to implement those mitigations sooner than later in the software lifecycle.
Steve Lipner suggests that most attacks exploit incomplete input validation. Most remote code execution attacks exploit this. Input validation is harder than it looks, at least in part because the developer cannot know all about the environment in which his program may run. Better to maintain separation between data and procedure, as in IBM iSeries and iOS, such that procedures cannot be modified, and data, input or otherwise, cannot be executed. Fred Cohen reminds us that "in a world of application-only (non-programmable) devices we could enjoy most, though not all, of the value of the modern computer." The problem is that there is a market preference for late programmability. That is why Windows is so popular and Android exists.
I've always loved this idea of 'Unforgivable' vulnerabilities. If you read through the NCSC document, there are so many common sense ones. For example, Data Input Validation bugs, like some of the stories in this NewsBites newsletter, potentially are cheap to implement and correctable mistakes that we should classify as 'unforgivable.' This is not to pass judgment on everyone, but to say that some bugs are easier to fix than others. Secure Architecture (Secure by Design?) is a really hard one to solve. One example is the notion of Shift Left. 'Write secure code.' Or, 'Just let the system make sure you write secret code.' We have been chasing this idea for almost 2 decades now. The number of CVEs does not correlate with fixing this problem. As such, that one is rated as hard. Overall, the methodology appears sound, although there may be some ambiguity in the scoring, but don't let perfect be the enemy of good or something like that.
What a cute naming scheme. The reality though, is that secure software development practices have been around for decades. Two excellent sources are: SAFECode.org and the NIST Secure Software Development Framework (SSDF). Instead of classifying whether the vulnerability is forgivable or not, implement the security best practices. That will go further in moving the industry towards secure by design.
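The comments above single out input validation as the mitigation that is cheap to apply yet routinely incomplete, and the point that keeping data separate from procedure removes whole classes of bugs. The following is an added Python example written for this note; it is not code from the NCSC paper, from MITRE, or from any of the editors. The inputs, the denylist, and the ping-style command are all constructed for illustration. It puts a denylist validator that misses a case next to an allowlist validator, and a command assembled as shell text next to the same command carried as an argument vector, where the host can never be interpreted as grammar.

```python
import re

# Constructed inputs a diagnostics form might receive for a "ping host" feature.
# The last two are malformed: one uses a shell separator, the other a command
# substitution that a separator denylist does not cover.
SAMPLE_INPUTS = [
    "example.com",
    "10.0.0.1",
    "host-01.internal",
    "example.com; id",
    "$(id)",
]

# A denylist of the "incomplete" kind: it lists some separators and forgets others.
DENYLIST = (";", "&&", "||", "|")

# RFC 1123 label syntax; labels joined by dots. Covers hostnames and dotted IPv4.
HOST_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"^{HOST_LABEL}(?:\.{HOST_LABEL})*$")


def denylist_validate(host: str) -> bool:
    """Reject only known-bad substrings; anything not listed slips through."""
    return not any(token in host for token in DENYLIST)


def allowlist_validate(host: str) -> bool:
    """Accept only hostname/IPv4 syntax; everything else is rejected."""
    return len(host) <= 253 and HOST_RE.match(host) is not None


def build_shell_command(host: str) -> str:
    """Data mixed into procedure: the host becomes part of text a shell would parse."""
    return f"ping -c 1 {host}"


def build_argv(host: str) -> list[str]:
    """Data kept apart from procedure: the validated host travels as one argv element,
    suitable for subprocess.run(argv) with no shell involved."""
    if not allowlist_validate(host):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", host]


def safe_argv(host: str):
    """Convenience wrapper: the argv list, or None when the host is rejected."""
    try:
        return build_argv(host)
    except ValueError:
        return None


def compare_validators(inputs):
    """Map each input to (denylist verdict, allowlist verdict)."""
    return {h: (denylist_validate(h), allowlist_validate(h)) for h in inputs}


if __name__ == "__main__":
    for host, (deny_ok, allow_ok) in compare_validators(SAMPLE_INPUTS).items():
        print(f"{host!r:22} denylist={deny_ok!s:5} allowlist={allow_ok!s:5}")
```

The denylist accepts "$(id)" because nobody thought to list command substitution; the allowlist never has to think about it, since only hostname characters are permitted. The argv form goes one step further: even if validation were skipped, the host would reach ping as a single argument rather than as shell syntax, which is the data/procedure separation argued for above.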
NCSC
NCSC
SC World
Infosecurity Magazine
MITRE
Researchers at GreyNoise have detected active exploitation of a critical zero-day command injection vulnerability in Zyxel CPE devices. The issue (CVE-2024-40891) was first reported in July 2024 by VulnCheck. GreyNoise researcher Glenn Thorpe writes that "attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration." Data gathered by Censys indicated that there are more than 1,500 vulnerable devices detectable online. There is no patch currently available, and the CVE does not yet have an NVD entry.
This exploit has been added to existing Mirai botnet variants, yeah those are still operating. CVE-2024-40891 is similar to CVE-2024-40890 except that the former is Telnet-based while the latter is HTTP-based. Both attacks are unauthenticated and leverage service accounts such as supervisor or zyuser to gain privileged access. While there is no patch, you can limit access to management interfaces, as well as blocking Telnet. Additionally block and hunt for activity from the IP addresses listed in the GreyNoise blog.
Last story was impactful, from my recollection, because of the physical requirements to console. This time, we must talk about telnet. In 2025. I'm just going to be honest: why not just use Gopher and turn on r-commands and telnet? I'm just saying this because I feel like keeping Telnet enabled now is the equivalent of just giving up on things. Unauthenticated privilege escalation on telnet on an Internet-connected device that, well, frankly, you cannot do much about because if you have one, it's in front of the firewall. I would say patch, but there is no patch at the time of this writing. They probably have a decent stack, to be honest, but this is not good. And for reference, all of the enterprise security vendors that keep telnet in their code for , you are in the same boat here. Remove telnet. Even Windows supports SSH; let that sink in.
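The mitigation advice above, with no patch available, comes down to two checks: is Telnet on the CPE reachable from the internet at all, and has any of the published scanning infrastructure touched it. The following is an added Python example written for this note, not code from GreyNoise, Zyxel, or the editors. It runs both checks over a handful of constructed firewall log lines in a simple key=value format (not any real product's format); the watchlist is a placeholder to be populated from the addresses GreyNoise published, and the source addresses are RFC 5737 documentation ranges used as stand-ins for internet hosts.

```python
import ipaddress
import re
from collections import Counter

# Constructed firewall log lines (not from any real device). Public sources use
# documentation ranges; 192.168.1.5 stands in for a LAN-side management host.
SAMPLE_LOGS = """\
2025-01-29T10:01:12Z action=allow proto=tcp src=203.0.113.7 dst=192.0.2.10 dport=23
2025-01-29T10:01:15Z action=allow proto=tcp src=192.168.1.5 dst=192.0.2.10 dport=23
2025-01-29T10:02:01Z action=allow proto=tcp src=198.51.100.9 dst=192.0.2.10 dport=443
2025-01-29T10:02:30Z action=deny proto=tcp src=203.0.113.7 dst=192.0.2.10 dport=23
2025-01-29T10:03:00Z action=allow proto=tcp src=198.51.100.44 dst=192.0.2.11 dport=23
"""

# Placeholder watchlist (constructed). Replace with the addresses from the GreyNoise blog.
WATCHLIST = {"198.51.100.44"}

# Treat only RFC 1918 space as "inside"; documentation ranges count as internet sources here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def is_internal(ip: str) -> bool:
    """True for RFC 1918 addresses, i.e. traffic from the LAN side."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_exposed_telnet(log_text: str):
    """Return allowed TCP/23 sessions from non-internal sources, flagging watchlist hits.

    Each finding is a dict with ts, src, dst and a watchlist boolean. Denied
    connections, internal sources and other ports are ignored: the question is
    whether Telnet on the CPE is reachable from outside, and by whom.
    """
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        rec = m.groupdict()
        if rec["action"] != "allow" or rec["proto"] != "tcp" or rec["dport"] != "23":
            continue
        if is_internal(rec["src"]):
            continue
        findings.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "dst": rec["dst"],
            "watchlist": rec["src"] in WATCHLIST,
        })
    return findings


def summarize(findings) -> Counter:
    """Count exposed-Telnet sessions per destination device, for a quick triage view."""
    return Counter(f["dst"] for f in findings)


if __name__ == "__main__":
    hits = find_exposed_telnet(SAMPLE_LOGS)
    for h in hits:
        flag = " WATCHLIST" if h["watchlist"] else ""
        print(f"{h['ts']} {h['src']} -> {h['dst']}:23{flag}")
    print(dict(summarize(hits)))
```

Any finding at all means the first recommendation (block Telnet at the edge) has not been applied; a watchlist hit is the hunting signal the comment asks for. The same logic applies to other devices that still ship with Telnet listening, which is the broader point made above.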
GreyNoise
The Hacker News
Security Week
Help Net Security
VulnCheck
Broadcom has published a security advisory describing a high-severity unauthenticated blind SQL Injection vulnerability in VMware AVI Load Balancer. The vulnerability could be exploited to access the database and cause additional problems. Patches are available to address the flaw; Broadcom does not offer workarounds for the issue.
The AVI Load Balancer provides multi-cloud load balancing, WAF, analytics and container services. CVE-2025-22217, AVI Load Balancer blind SQL Injection flaw, has a CVSS score of 8.6, and affects version 30.1.1, 30.1.2, 30.2.1 and 30.2.2. Note you need to update 30.1.1 to 30.1.2 before you can apply the 30.1.2 patch. 30.2.1 & 30.2.2 each have patches. Versions 22.x and 21.x are not vulnerable, albeit version 21.x doesn't appear to be getting updates. This is a good time to look at moving to version 30.2.2p2 or higher.
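Since Broadcom offers no workaround, patching is the only fix for the product itself; the example below is instead about the bug class named in the advisory. It is an added Python example written for this note, using sqlite3 and a constructed two-row table; it is not code from VMware, Broadcom, or the editors and says nothing about how AVI Load Balancer is implemented. It shows why a query that returns only a count can still act as a truth oracle when the caller's text is spliced into the SQL (the "blind" case), and that a bound parameter closes the channel without any change to the query's logic.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, active INTEGER NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", 1), ("bob", 0)])
    conn.commit()
    return conn


def active_count_vulnerable(conn: sqlite3.Connection, name: str) -> int:
    """String formatting splices the caller's text into the SQL grammar.

    The endpoint returns only a number, never rows or error text, which is exactly
    the yes/no signal a blind injection infers from.
    """
    sql = f"SELECT COUNT(*) FROM users WHERE name = '{name}' AND active = 1"
    return conn.execute(sql).fetchone()[0]


def active_count_fixed(conn: sqlite3.Connection, name: str) -> int:
    """Bound parameter: the text is a value, never grammar, whatever characters it holds."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND active = 1"
    return conn.execute(sql, (name,)).fetchone()[0]


def oracle_leaks(query_fn, conn: sqlite3.Connection) -> bool:
    """True when two probes differing only in an injected condition get different
    answers, i.e. the endpoint confirms or denies injected SQL without showing data."""
    true_probe = "nobody' OR 1=1--"   # injected condition that is always true
    false_probe = "nobody' OR 1=2--"  # same shape, condition always false
    return query_fn(conn, true_probe) != query_fn(conn, false_probe)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable endpoint leaks:", oracle_leaks(active_count_vulnerable, db))
    print("parameterized endpoint leaks:", oracle_leaks(active_count_fixed, db))
```

In the formatted version the two probes yield 2 and 0, so an observer learns whether an injected condition holds from the count alone; in the parameterized version both probes are just names that match nothing and both return 0. That difference, not the presence of visible data, is what makes a blind injection exploitable and what a bound parameter removes.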
Broadcom
NVD
Security Week
Heise
The Hacker News
An international law enforcement effort led by authorities in Germany has taken down domains associated with cybercrime forums, including Cracked and Nulled. People attempting to visit the targeted domains will be greeted by a banner declaring that they were seized as part of Operation Talent, which involved law enforcement from Australia, France, Greece, Italy, Romania, Spain, and the United States, as well as Europol. The three-day operation resulted in two arrests, seven property searches, the seizure of 17 servers and more than 50 electronic devices, and roughly EUR 300,000 (US $312,000) in cash and virtual currency seized.
For such a popular set of forums, only seizing 300K euros may be the most interesting part of the story. Either it's all hidden away, and we haven't found it all, or they just didn't have the money and lost their street cred. I'm betting there may be more somewhere else. Oh, and, yeah, I bet another forum will pop up somewhere else. Did anyone find it funny it was called Operation Talent? That has fueled some speculation as well.
Dismantling cybercrime hubs continues to be a major focus for law enforcement, with this takedown identifying a total of eight people as directly involved with the service, two of whom were apprehended. Beyond the domains/servers seized, a financial processor Selix, and hosting service StarkRDP were also taken down, operated by the same suspects. Services provided included AI-based tools and scripts to help discover flaws and optimize attacks, which included far more personalized and convincing phishing messages.
Smiths Group, a major UK engineering firm, has disclosed a breach of its systems in a filing with the London Stock Exchange. The firm supports industries including "petrochemical, mining, pulp & paper, water treatment, semiconductor testing, heating elements, automotive, and rail transportation," as well as oil, gas, and energy, aerospace and defense, and travel security screening and defense scanners. The filing and the company's subsequent statements provide little detail beyond "unauthorized activity" and ongoing recovery and investigation; The Record notes that "the engineering and manufacturing sector is a popular target for cybercriminals, as well as nation-state hackers, because of the economic importance of the companies involved and the often sensitive nature of the work."
Talk about lack of information in an initial report. No discussion on when the attack was discovered, what systems were affected, potential loss of data: nothing other than detecting unauthorized access. The LSE could learn a thing or two from the SEC Form 8-K.
Maryland's Frederick Health medical group "proactively took [its] systems offline" following detection of a ransomware attack, as stated in an advisory released January 27, 2025 and updated the following day. All medical offices and laboratories are still operating except for the Frederick Health Village Laboratory, and while "most appointments are continuing as scheduled," patients may still experience delays, and can work with the office team to take care of rescheduling. While third-party experts investigate and restore the systems, the medical group is operating "using established back-up processes and other downtime procedures." Frederick Health employs almost 4,000 people and serves a growing county with a population of nearly 300,000.
Their outage notification has been updated adding the Mt. Airy Laboratory as being temporarily closed. They also provide guidance on things to bring with you to facilitate manual check-in for your appointments, and are letting patients know that prescriptions will be provided on paper rather than electronically filed with their pharmacy. Note their patient portal is also unavailable.
Frederick Health
The Record
The South African Weather Service (SAWS), South Africa's government-operated weather service, has been disrupted by a cyberattack. SAWS is a critical service for the country's transportation and agricultural sectors as well as to other countries in the area. The Information and Communication Technology (ICT) systems have been down since the evening of Sunday, January 26. Because the organization's website is down, they were forced to turn to social media platforms to share critical information.
This attack, the second in two days (the attack on January 25th failed), has taken out both the SAWS web site and their email system. They were able to pivot and provide weather updates through social media (Facebook, X, etc.). There are also online alternate SA weather sources, begging the question of how many users will return to the SAWS site once service is restored.
On January 27, 2025, PowerSchool added an update to its informational web page on the late 2024 breach and data theft from its Student Information System. The company has begun officially informing customers and government authorities, "filing regulatory notifications with Attorneys General Offices across applicable U.S. jurisdictions on behalf of impacted customers who have not opted-out of [PowerSchool's] offer to do so," and promising a future update for its international customers after informing Canadian regulators. Current and former students, parents and guardians where applicable, and educators affected by the breach should expect forthcoming notices including instructions on PowerSchool's offers of credit monitoring and identity protection services. A notification already filed with the Maine Attorney General's office indicates 33,488 of the state's residents were affected.
SANS ISC StormCast, Friday, January 31, 2025
Old Netgear Vuln in Depth; Lightning AI RCE; Canon Printer RCE; DeepSeek Leak
https://isc.sans.edu/podcastdetail/9304
PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]
RCE Vulnerability in AI Development Platform Lightning AI
Noma Security discovered a neat remote code execution vulnerability in Lightning AI. This vulnerability is exploitable by tricking a logged in user into clicking a simple link.
Canon Laser Printers and Small Office Multifunctional Printer Vulnerabilities
Canon fixed three different vulnerabilities affecting various laser and small office multifunctional printers. These vulnerabilities may lead to remote code execution, and there are some interesting exploit opportunities
DeepSeek ClickHouse Database Leak
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
SANS ISC StormCast, Thursday, January 30, 2025
Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch
https://isc.sans.edu/podcastdetail/9302
From PowerShell to a Python Obfuscation Race!
This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows
https://isc.sans.edu/diary/From+PowerShell+to+a+Python+Obfuscation+Race/31634
Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices
An exploit for this week's Fortinet vulnerability is for sale on Russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release
https://x.com/MonThreat/status/1884577840185643345
https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
The Tainted Voyage: Uncovering Voyager's Vulnerabilities
SonarQube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Hackers exploit critical unpatched flaw in Zyxel CPE devices
A currently unpatched vulnerability in Zyxel devices is actively exploited.
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blind SQL injection vulnerability.
SANS ISC StormCast, Wednesday, January 29, 2025
Learn about fileless crypto stealers written in Python; the ongoing exploitation of recent SimpleHelp vulnerabilities; new Apple Silicon Sidechannel attacks; a Team Viewer Vulnerability; and an odd QR Code
https://isc.sans.edu/podcastdetail/9300
Fileless Python InfoStealer Targeting Exodus
This Python script targets Exodus crypto wallet and password managers to steal crypto currencies. It does not save exfiltrated data in files, but keeps it in memory for exfiltration
https://isc.sans.edu/diary/Fileless+Python+InfoStealer+Targeting+Exodus/31630
Campaign Exploiting SimpleHelp Vulnerability
Arctic Wolf observed attacks exploiting SimpleHelp for initial access to networks. It has not been verified, but is assumed that vulnerabilities made public about a week ago are being exploited.
Two New Side Channel Vulnerabilities in Apple Silicon
SLAP (Data Speculation Attacks via Load Address Prediction): This attack exploits the Load Address Predictor in Apple CPUs starting with the M2/A15, allowing unauthorized access to sensitive data by mispredicting memory addresses. FLOP (Breaking the Apple M3 CPU via False Load Output Predictions): This attack targets the Load Value Predictor in Apple's M3/A17 CPUs, enabling attackers to execute arbitrary computations on incorrect data, potentially leaking sensitive information.
TeamViewer Security Bulletin
TeamViewer patched a privilege escalation vulnerability CVE-2025-0065
https://www.teamviewer.com/en-us/resources/trust-center/security-bulletins/tv-2025-1001/
Odd QR Code
A QR code may resolve to a different URL when viewed at an angle.
https://mstdn.social/@isziaui/113874436953157913
Webcast | SANS 2025 Threat Hunting Survey Webcast & Forum: Chasing Shadows - Advancements in Threat Hunting Amidst AI and Cloud Challenges | March 13, 10:30 am ET | Join SANS Principal Instructor Josh Lemon as he delves into results from the SANS 2025 Threat Hunting Survey.
Webcast | Empowering Responders with Automated Investigation, February 19, 1:00 ET | Join Megan Roddie-Fonseca and Lee Sult from Binalyze as they discuss how with the right tooling, analysts of all backgrounds can effectively handle incidents, reducing the response time by removing the need for frequent escalation.
Webcast: February 25, 3:30 pm ET | Insights into Detection Engineering: Findings from a SANS and Anvilogic Survey | Join SANS Certified Instructor Terrence Williams and Anvilogic's Kevin Gonzalez as they discuss insights from this survey, including effective detection types and the most popular tools and technologies used by detection engineers, the impact of AI on detection efforts, cloud architectures, automation in detection workflows, the integration of Detection Engineering with other operational areas, and much more!