CSOonline: Agentic AI is both boon and bane for security pros

AI agents are predicted to reduce time to exploit by half in two years. Here is what you need to know to figure out if your business needs agentic AI and how to find the right one. Agentic AI has proved to be a huge force multiplier and productivity boon. But while powerful, agentic AI isn’t dependable, and that is the conundrum. In this post for CSOonline, I describe some of the issues and make some recommendations for how to safely and productively deploy this tech.

 

A new type of disinformation campaign based on LLM grooming

Most of us are familiar with the Russian state-sponsored Internet Research Agency. The group has been featured in numerous fictional spy movies and is responsible for massive misinformation campaigns that center around weaponizing political social media posts.

But the Russian misinformation network is branching out into the world of AI, specifically around poisoning or grooming the training models used by western AI chatbots. A recent report by NewsGuard documents this latest insidious move. 

Called Pravda — not to be confused with the print propaganda Cold War “newspaper” of the former Soviet Union — it targets these chatbots by flooding search results and web crawlers. It doesn’t generate any original content. Instead, it aggregates a variety of Russian propaganda and creates millions of posts of false claims and other news-like items. The Pravda network serves as a central hub to overwhelm the model training space. As a result, many of the most popular chatbots reference these fictions a third of the time in their replies. In effect, they have turned chatbots into misinformation laundering machines. “All 10 of the chatbots repeated disinformation from the Pravda network, and seven chatbots even directly cited specific articles from Pravda as their sources.” Many of the responses found by their researchers included direct links to the Pravda-based stories, and in many cases, the AI citations don’t distinguish between reliable and unreliable sources.

What is curious about the Pravda network is that it isn’t concerned with influencing organic ordinary searches. Its component domains have few if any visitors to their websites or users on Telegram or other social media channels. Instead, its focus is on saturating search results from automated content scanners, such as would happen with AI training models. On average, the network posts more than 10,000 pieces of daily content.

Researchers at the American Sunlight Project call this LLM grooming and go into further details on how this works and why the Pravda network isn’t designed around human content consumption or any interaction. They show how Pravda makes extensive use of machine translation of its content into numerous languages, which produces awkwardly worded pages. “The top objective of the network appears to be duplicating as much pro-Russia content as widely as possible,” they wrote.

The NewsGuard researchers examined 10 leading large-language model chatbots: OpenAI’s ChatGPT-4, You.com’s Smart Assistant, xAI’s Grok, Inflection’s Pi, Mistral’s le Chat, Microsoft’s Copilot, Meta AI, Anthropic’s Claude, Google’s Gemini, and PerplexityAI.

NewsGuard has been around for several years now and provides various auditing and transparency services. They found Pravda uses more than 150 different domains spreading more than 200 false claims in more than 40 languages, such as describing Zelensky’s personal fortune and how the U.S. operated secret bioweapons labs in Ukraine, just to pick two. The company, founded by Court TV’s Steven Brill and former Wall Street Journal publisher Gordon Crovitz, began tracking AI-based misinformation last summer. The American Sunlight Project is run by Nina Jankowicz, who has held fellowships at the Wilson Center and other NGOs as well as working for a Homeland Security disinformation board during the Biden years.

The risks are high: “There are few apparent guardrails that major companies producing generative AI platforms have deployed to prevent propaganda or disinformation from entering their training datasets,” writes the Sunlight team. And as this data is flooded with garbage, it will get harder for AI models to distinguish genuine human interaction in the future.

Beware of evil twin misinformation websites

Amid the confusion over whether the US government is actively working to prevent Russian cyberthreats comes a new present from the folks that brought you the Doppelganger attacks of last year. There are at least two criminal gangs involved, Struktura and Social Design Agency. As you might guess, these have Russian state-sponsored origins. Sadly, they are back in business, after being brought down by the US DoJ last year, back when we were more clear-headed about stopping Russian cybercriminals.

Doppelganger got its name because the attack combines a collection of tools to fool visitors into thinking they are browsing the legit website when they are looking at a malware-laced trap. These tools include cybersquatting domain names (names that are close replicas of the real websites) and using various cloaking services to post on discussion boards along with botnet-driven social media profiles, AI-generated videos and paid banner ads to amplify their content and reach. The targets are news-oriented sites and the goal is to gain your trust and steal your money and identity. A side bonus is that they spread a variety of pro-Russian misinformation along the way.

Despite the fall 2024 takedowns, the group is once again active, this time after hiring a bunch of speakers of several foreign languages, including French, German, Polish, and Hebrew. DFRLab has this report about these activities. They show a screencap of a typical post; such posts often have four images with captions as their page style.

These pages are quickly generated. The researchers found sites with hundreds of them created within a few minutes, along with appending popular hashtags to amplify their reach. They found millions of views across various TikTok accounts, for example. “During our sampling period, we documented 9,184 [Twitter] accounts that posted 10,066 of these posts. Many of these accounts were banned soon after they began posting, but the campaign consistently replaces them with new accounts.” Therein lies the challenge: this group is very good at keeping up with the blockers.

The EU has been tracking Doppelganger but hasn’t yet updated its otherwise excellent page here with these latest multi-lingual developments.

The Doppelganger group’s fraud pattern is a bit different from other misinformation campaigns that I have written about previously, such as fake hyperlocal news sites that are primarily aimed at ad click fraud. My 2020 column for Avast has tips on how you can spot these fakers. And remember back in the day when Facebook actually cared about “inauthentic behavior”? One of Meta’s reports found these campaigns linked to the Wagner Group, Russia’s no-longer favorite mercenaries.

It seems so quaint viewed in today’s light, where the jobs of content moderators — and apparently government cyber defenders — have gone the way of the digital dustbin.

Don’t fall for this pig butchering scam

A friend of mine recently fell victim to what is now called pig butchering. Jane, as I will call her, lives in St. Louis. She is a well-educated woman with multiple degrees and decades of management experience. But Jane is also out more than $30,000 and has had her life upended as a result of this experience, having to change bank accounts and email addresses and obtain a new phone number.

The term refers to a complex cybercrime operation that has at its heart the ability to control the victim and compel them to withdraw cash from their bank account and send it via bitcoin to the scammer. The reason why this scam works is because the victim is taking money from their account. The various fraud laws don’t cover you making this mistake. I will explain the details in a moment.

Many of us are familiar with the typical ransomware attacks, where the criminals receive the funds directly from their victims: these transactions might be anonymous but they are reversible. So let’s back up for a moment and track Jane’s actions leading up to the scam.

In Jane’s situation, the attack began when her computer received a warning message that it had been hacked and that she should call a phone number to disinfect it. Somehow, this malware was transmitted, typically via a phishing email. This is the weak point of the scam. Every day I get suspicious emails — most are caught by the spam filters, but occasionally things break through. As I was helping Jane get her life back on track, my inbox was flooded with email confirmations of an upcoming stay at a hotel. At one point, I think I had a dozen such “confirmations.” Perhaps the guest made a legitimate mistake and used my email address — but more likely, as these emails piled up, this was an attempted phishing scam.

Anyway, back to Jane. She called the number and the attacker proceeded to convince her that she was the victim of a scammer — which ironically was true at the time, and probably the first and last thing he said that was true. He told her that her computer was infected with all sorts of child porn and that she could be legally liable. She believed the scammer, and over the course of several hours, stayed on the phone with him as she got in her car, drove to her bank and withdrew her cash.

Now, in the cold light of a different day, Jane understands her mistake. “I was a lawyer. I should have recognized this was all a fabrication,” she told me, rather abashedly. “I should have known better but I was caught up in the high emotional drama at that moment and wasn’t thinking clearly.” Eventually, her attacker directed her to a bitcoin “ATM” where she could feed in her $100 bills and turn them into electrons of cybercurrency. Her attacker had thoughtfully sent her a QR code that contained his address. Think about that — she is standing in a convenience store, feeding $100 bills into this machine. That takes time. That takes determination.

Jane is computer literate, but doesn’t bank online. She manages her investments the old-fashioned way: by calling her advisors or visiting them in person. She has a cellphone and a computer, and while I was helping her get her digital life back in order we were remembering where we were when we first used email many decades ago and how new and shiny it was before scammers roamed the interwebs.

So how did the scam unravel? After spending all afternoon on the phone, the scammer got greedy and wanted more fat on the pig, so to speak. She called him back on her special hotline number and he asked her to withdraw more money from her bank account. She went back to her bank, and fortunately got the same teller that she had the day before. He questioned her withdrawal and that brought the butcher shop operation to a halt when she revealed that she was being directed by the scammer.  

But now comes the aftermath, the digital cleanup in Aisle 7. And that will take time and effort on Jane’s part to ensure that she has appropriate security and that her contact info is sent to the right places and people. But she is still out the funds. She knows now not to get caught up in the moment just because an email or a popup message tells her something.

Avoiding pig butchering scams means paying attention when you are reading your email and texts. Don’t multitask; focus on each individual message. And when in doubt, just delete.

CSOonline: A buyers guide for SIEM products

Security information and event management software (SIEM) products have been an enduring part of enterprise software ever since the category was created back in 2005 by a couple of Gartner analysts. It is an umbrella term that defines a way to manage the deluge of event log data to help monitor an enterprise’s security posture and be an early warning of compromised or misbehaving applications. It grew out of a culture of log management tools that have been around for decades, reworked to focus on security situations. Modern SIEM products combine both on-premises and cloud log and access data along with using various API queries to help investigate security events and drive automated mitigation and incident response.

For CSOonline, I examined some of the issues for potential buyers of these tools and pointed out some of the major issues that differentiate them. This adds to a collection of other buyer’s guides for major security product categories.

The new world of hybrid warfare: cutting undersea cables

The song from The Little Mermaid goes “Under the sea, darling it’s better down where it is wetter.” Well, not quite.

This week the hybrid war between Russia and the rest of the world took a new turn, with the seizure of the bulk carrier Vezhon by the Swedish Coast Guard. The details are provided in Sal Mercogliano’s video – it is now the fourth ship that was suspected of dragging its anchor in the Baltic Sea and cutting an undersea cable. This time it was a cable which runs between Latvia and Sweden. Let’s unpack this situation.

There are hundreds of thousands of miles of cables that run across the ocean seabed around the world, divided mostly into those carrying communications and others that move electrical power to remote locations. Laying these cables is a tricky operation, and there are specialized ships that do this. By way of reference, you might enjoy this Fluctus video on how undersea cables are made, laid and repaired.

The videos show how the cables can deteriorate over time as various sea life attaches itself (think a thick layer of barnacles and lots of corrosion) – getting through that junk at underwater depths isn’t easy. Divers have had to develop new tools and repair methods.

Last summer we had a cable cut in front of my home as contractors installed new streetlights. They ended up severing a major AT&T fiber cable that had hundreds of individual strands. While working a few feet below the street wasn’t a picnic, it is nothing like the conditions faced to do these repairs on the seabed.

Much easier is how a ship’s anchor can be dropped and dragged along the bottom. The cables are clearly shown on marine maps – this is a feature and not a bug because prior to the Russian sabotage events, the marine transportation community wanted mariners to know where the cables ran so that ships would steer clear of them. Here is a more stylized map showing how many cables are laid in the Baltic region.

Sal’s analysis (I feel like we should be on a first-name basis because I have been a fan of his videos since the Baltimore bridge accident two years ago) concludes that having four cable cuts in a few months in nearly the same area is suspicious. An update has found that the ship’s anchor accidentally broke. Yup.

As a mariner himself, he shows how anchors on these large ships are controlled and how easy it would be to lower one undetected by the ship’s navigators. He calls this part of a hybrid war – meaning that it combines the traditional “kinetic” war fighting (with guns, tanks, and missiles) with more technology-based things such as drones with careful targeting of digital infrastructure, such as seabed cables and satellite internet access. The hybrid nature also combines military targets with civilian ones, such as communication cables that connect countries.

Ukraine has deployed hybrid techniques in its war with Russia. And I am sure that we could find instances of US and our allies using similar tactics. What it means is that life under the sea has become the new battleground. Sorry, Sebastian!

CSOonline: Python administrator moves to improve software security

The administrators of the Python Package Index (PyPI) have begun an effort to improve the hundreds of thousands of software packages that are listed. The attempt, which began earlier last year, is to identify and stop malware-laced packages from proliferating across the open-source community that contributes and consumes Python software.

The effort, called Project Quarantine, is described in a blog post by Mike Fiedler, who is the sole administrator responsible for Python security. The project allows PyPI administrators and a select group of developers to mark a project as potentially harmful and prevent it from being easily installed by users, avoiding further harm.

In my blog post for CSOonline, I describe this effort and how it came about.

CSOonline: SOAR buyer’s guide, 11 products compared

The class of products called SOAR, for Security Orchestration, Automation and Response, has undergone a major transformation in the past few years. Features in each of the four words in its description that were once exclusive to SOAR have bled into other tools. For example, responses can be found now in endpoint detection and response tools. Orchestration is now a joint effort with SIEM tools. Many of these features are now found in managed security products that go by other names, such as threat and incident response or cloud security posture management (CSPM). And many of the SOAR tools are no longer just focused on security but have expanded to cover the wider context of how an enterprise infrastructure operates.

In this review for CSOonline, I cover some of the major issues for enterprises that are looking for a SOAR tool and briefly mention 11 vendors (out of dozens that offer such products). Be warned that these products are pricey, and finding true price transparency is almost impossible without engaging the vendors’ sales teams.

CSOonline: Top 5 security mistakes software developers make

Creating and enforcing the best security practices for application development teams isn’t easy. Software developers don’t necessarily write their code with these in mind, and as the appdev landscape becomes more complex, securing apps becomes more of a challenge to handle cloud computing, containers, and API connections. It is a big problem: Security flaws were found in 80% of the applications scanned by Veracode in a recent analysis.

As attacks continue to plague cybersecurity leaders, I compiled a list of five common mistakes by software developers and how they can be prevented in a piece for CSOonline.

CSOonline: Top IDS/IPS tools

An intrusion detection or prevention system can mean the difference between a safe network and a nasty breach. We’ve rounded up some of the best and most popular IDS/IPS products on the market.

Detecting and preventing network intrusions used to be the bread and butter of IT security. But over the past few years, analysts and defenders have seen a slow but steady transition from these products. They have become a component of a broader spectrum of network defensive tools, such as security information and event management (SIEM) systems, security orchestration, automation and response (SOAR) and endpoint and network management and detection systems.

For CSO, I examined the top six commercial tools and four open source ones, explained the different approaches and form factors used, and compared how intrusion prevention fits into the overall security marketplace.