Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Cybersecurity Snapshot: First Quantum-resistant Algorithms Ready for Use, While New AI Risks’ Database Is Unveiled

Cybersecurity Snapshot: First Quantum-resistant Algorithms Ready for Use, While New AI Risks’ Database Is Unveiled

NIST has released the first encryption algorithms that can protect data against quantum attacks. Plus, MIT launched a new database of AI risks. Meanwhile, the CSA published a paper outlining the unique risks involved in building systems that use LLMs. And get the latest on Q2’s most prevalent malware, the Radar/Dispossessor ransomware gang and CVE severity assessments!

Dive into six things that are top of mind for the week ending August 16.

1 - NIST releases first quantum-resistant algos

Three encryption algorithms that can protect data from quantum computer attacks are ready, a significant step in the efforts to prevent a global data-theft disaster when these powerful systems become available around 2030. 

The post-quantum encryption standards are designed to secure “a wide range of electronic information,” including email messages and e-commerce transactions, the U.S. National Institute of Standards and Technology (NIST) announced this week.

Here’s the problem: Cybercriminals are eagerly waiting to get their hands on quantum computers, which will be able to decrypt data protected with existing public-key cryptographic algorithms.

 

NIST releases quantum-resistant algos

 

While NIST is evaluating more post-quantum algorithms, the agency is urging system administrators to start transitioning to this first set of encryption tools right away because the integration process will take time.

“There is no need to wait for future standards,” said Dustin Moody, NIST mathematician and leader of the standardization project. “Go ahead and start using these three.”

These are the three encryption standards, called Federal Information Processing Standard (FIPS):

  • FIPS 203 is intended to be the primary standard for general encryption. Its advantages include its speed of operation and its small encryption keys. 
  • FIPS 204 is envisioned as the primary standard for protecting digital signatures. 
  • FIPS 205 is also designed for digital signatures. 

The standards contain the encryption algorithms’ computer code, implementation instructions and their intended uses.

To get more details, check out:

For more information about the quantum computing cyberthreat:

2 - MIT launches database of AI risks with 700-plus entries

The Massachusetts Institute of Technology (MIT) this week unveiled the AI Risk Repository, a database that aims to consolidate in a single place all risks associated with the use of artificial intelligence.

To compile the initial set of 700-plus risks, MIT analyzed 43 existing AI risk frameworks, and found that even the most comprehensive framework overlooked about 30% of all risks currently listed in the database.

“Since the AI risk literature is scattered across peer-reviewed journals, preprints, and industry reports, and quite varied, I worry that decision-makers may unwittingly consult incomplete overviews, miss important concerns, and develop collective blind spots,” project leader and MIT postdoctoral researcher Peter Slattery said in a statement.

 

MIT launches database of AI risks with 700-plus entries

 

The AI Risk Repository’s risk domains include:

  • AI system safety, failures, and limitations
  • Socioeconomic and environmental harms
  • Discrimination and toxicity
  • Privacy and security
  • Malicious actors and misuse

The risk domains are further subdivided into 23 subdomains. The AI Risk Repository is a “living database” that’ll be expanded and updated, according to MIT.

To get more details, check out:

For more information about AI risks:

3 - CSA: Beware of unique risks when building systems with LLMs

If your organization is building systems that use large language models (LLMs), your system architects and engineers need to be aware of special risks and challenges that impact security.

That’s the main topic of the Cloud Security Alliance’s new report “Securing LLM Backed Systems: Essential Authorization Practices,” published this week. It offers guidance and best practices for securely building systems that leverage LLMs.

“LLMs used as system components pose several new challenges for architects and engineers regarding predictability, security, and authorization,” reads the report, which is aimed at systems engineers and architects, and at privacy and security professionals.

The report also outlines essential components of systems that use LLMs:

  • Vector databases, which are used for AI-system retrieval and processing
  • Orchestrators, which coordinate LLM inputs and outputs
  • LLM caches, which cache LLM content for faster retrieval, but need access controls
  • Validators, which protect the input / output process against attacks like SQL injection, command injection and cross-site scripting
CSA: Beware of unique risks when building systems with LLMs


(Source: Cloud Security Alliance’s “Securing LLM Backed Systems: Essential Authorization Practices” report, August 2024)

To get more details, check out:

For more information about AI risks to cybersecurity, check out these Tenable blogs:

4 - A Tenable poll on CVE severity assessments

During a recent webinar about Tenable Security Center, we polled attendees about how they assess the severity of Common Vulnerabilities and Exposures (CVEs.) 

Check out what they said about their current and future use of the Common Vulnerability Scoring System (CVSS), the Vulnerability Priority Rating (VPR) and the Exploit Prediction Scoring System (EPSS).

Tenable poll on CVE severity assessments

(59 respondents polled by Tenable, August 2024. Respondents could choose more than one answer.)

Tenable poll on CVE severity assessments

(55 respondents polled by Tenable, August 2024. Respondents could choose more than one answer. CVSSv2 was an option but no one chose it.)

If you’re interested in the latest about Tenable Security Center and in vulnerability management best practices, watch the on-demand webinar “Tenable Security Center Customer Update, August 2024.”

5 - SocGholish again tops quarterly list of malware incidents

For the fourth straight time, the SocGholish malware variant – used in fake software-update attacks – ranked first on the Center for Internet Security’s quarterly report of malware infections.

SocGholish accounted for 60% of malware incidents in the second quarter of 2024, a sign that the popularity of fake software-update attacks remains strong. It first topped the list in the third quarter of 2023, with a 31% share of malware incidents.

In fake software-update attacks, users get tricked into installing a legitimate-looking update for, say, their preferred browser, that instead infects their computers with malware.

SocGholish again tops quarterly list of malware incidents

(Source: Center for Internet Security, August 2024)

Here’s the full list, in descending order:

  • SocGholish, a downloader distributed through malicious websites that tricks users into downloading it by offering fake software updates 
  • Agent Tesla, a remote access trojan (RAT) that captures credentials, keystrokes and screenshots
  • CoinMiner, a cryptocurrency miner that spreads using Windows Management Instrumentation (WMI)
  • NanoCore, a RAT that spreads via malspam as a malicious Excel spreadsheet
  • ZPHP, a JavaScript downloader that’s distributed via fake browser updates
  • Mirai, a malware botnet that compromises IoT devices to launch DDoS attacks
  • Magecart, a credit card skimming and point-of-sale malware that steals payment data from forms on vulnerable websites 
  • Arechclient2, also known as SectopRAT, is a .NET RAT whose capabilities include multiple stealth functions
  • DarkGate, a downloader and keylogger that steals financial data and personally identifiable information (PII), and delivers other malware
  • Lumma Stealer, an infostealer used to swipe PII, credentials, cookies and banking information

To get more information, check out the CIS blog “Top 10 Malware Q2 2024,” where you’ll find more details, context and indicators of compromise for each malware strain.

For details on fake update attacks:

VIDEOS

Fake Chrome Update Malware (The PC Security Channel)

Apple Mac OS users falling for fake browser update that installs malware (Windows, Computers and Technology)

6 - Radar/Dispossessor ransomware gang hit by int’l police operation

Law-enforcement agencies from Germany, the U.K. and the U.S. disrupted the Radar/Dispossessor ransomware group, shutting down its servers and domains in these three countries.

Radar/Dispossessor targets small- and medium-sized businesses (SMBs), looking for systems with unpatched vulnerabilities, weak passwords and no multi-factor authentication, the FBI announced this week. It uses a double-extortion model, exfiltrating victims’ data as well as encrypting it.

Although it initially targeted the U.S., law enforcement agencies found evidence that it has struck victims in about 15 other countries in Europe, Asia and Latin America. Launched in August 2023, it is led by an individual known as “Brain,” according to the FBI.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.