Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Malicious Backdoor. Show all posts

Anthropic Research Indicates That AI Algorithms May Turn Into "Sleeper Cell" Backdoors

 

While AI tools offer companies and online users novel avenues, they also have the potential to significantly boost the accessibility and potency of certain forms of illegal activity and crimes. For example, take the latest study that revealed large language models can be turned into malicious backdoors, which have the potential to cause quite a bit of mayhem for users. 

The study was released by Anthropic, the AI business that created the popular chatbot Claude and has funding from Google and Amazon. Anthropic researchers claim in their research that AI algorithms are susceptible to being transformed into what are essentially "sleeper cells." Such cells could look innocuous, but if specific requirements are met, they might be designed to act maliciously, such as adding weak code to a codebase. 

For example, the researchers created a scenario in which an LLM is configured to function normally in 2023, but when 2024 arrives, the malicious "sleeper" suddenly wakes up and starts generating malicious code. The research suggests that such programs could possibly be designed to exhibit negative behaviour in response to particular cues. 

Given that AI programs have grown immensely popular among software authors over the past year, the findings of this study appear to be quite alarming. It's easy to picture a scenario in which a coder uses a popular, open-source algorithm to help them with their development tasks, only for it to turn malicious at some point and start making their product less secure and hackable.

“We believe that our code vulnerability insertion backdoor provides a minimum viable example of a real potential risk...Such a sudden increase in the rate of vulnerabilities could result in the accidental deployment of vulnerable model-written code even in cases where safeguards prior to the sudden increase were sufficient,” the company stated. 

If it appears strange that an AI company would release research demonstrating how its own technology can be so horribly exploited, consider that the AI models most vulnerable to this type of "poisoning" are open source—that is, code that is flexible, non-proprietary, and easily shared and adapted online. Notably, Anthropic is closed-source. It is also a founding member of the Frontier Model Forum, a group of AI companies whose products are primarily closed-source and have campaigned for stricter "safety" rules in AI development.

Over 17,000 Websites Exploited in Massive Balada Injector Campaign

 

Over 17,000 WordPress websites have been compromised as a result of the notorious Balada Injector attack. The Balada Injector, discovered in 2022 but thought to have been active since 2017, weaponizes vulnerabilities in premium WordPress themes and plugins to install malicious backdoors. 

Following infection, these backdoors redirect website users to fake tech help pages, bogus lottery winnings, fraudulent push notification hoaxes, and other scams. 

With such a wide range of deceptive techniques, experts believe that Balada Injector is either a service offered to other threat actors or a direct component of a scam operation. 

The recent wave of attacks is being blamed on the tagDiv Composer plugin's CVE-2023-3169 cross-site scripting (XSS) vulnerability. This plugin is found on an estimated 155,000 websites with the Newspaper and Newsmag WordPress themes, both premium products, laying the groundwork for possible attacks. 

This effort started in September, following the public disclosure of the vulnerability and the publishing of a proof-of-concept. 

In a recent analysis, website security firm Sucuri exposed the extent of the infiltration, citing specific indications of the attack, such as a malicious script located within separate tags. Sucuri discovered six different attack waves: 

Over 5,000 websites were compromised by malicious script injections from stay.decentralappps[.]com. 

  • Making rogue WordPress administrator accounts with the login "greeceman" at first, then switching to ones that are automatically produced based on website hostnames.
  • By using the WordPress theme editor to make changes to the 404.php file for the Newspaper theme, you can gain persistence covertly.
  • The installation of the deceptive wp-zexit plugin, which emulates authorised WordPress administrator activities. 
  • Three new malicious domains with higher obfuscation were introduced, complicating detection attempts. 
  • Using promsmotion[.]com subdomains instead of the preceding domain, three distinct injection methods were discovered on a total of 235 websites. 

The CVE-2023-3169 vulnerability was used to compromise over 9,000 of the 17,000 compromised sites, demonstrating the attackers' tremendous effectiveness and ability to adapt quickly for maximum impact. 

Webmasters and site owners should immediately upgrade the tagDiv Composer plugin to version 4.2 or later, which addresses the known flaw. Regular upgrades to themes, plugins, and all website components remain critical in protecting against such formidable threats.