
Experts Issue Warning Regarding Rising Threat of AI-Driven Cyber-Physical Attacks


As artificial intelligence (AI) technologies advance, researchers are voicing concerns about the possibility of AI-fueled cyber-physical attacks on critical US infrastructure. Last month, the FBI warned that Chinese hackers might impair critical sectors such as water treatment, electrical, and transportation infrastructure. MIT's Stuart Madnick, an influential authority in cybersecurity, stresses that these concerns extend beyond digital damage and pose real threats to national security.

Emerging threats to cybersecurity

The integration of AI into hacking strategies is changing the cybersecurity landscape, resulting in more complex and potentially destructive attacks. Madnick's research at MIT Sloan's CAMS has revealed that cyberattacks can now cause physical harm, such as explosions in lab settings, by manipulating computer-controlled equipment. This differs from traditional cyberattacks, which only briefly impair services, and highlights the rising threat of long-term damage to critical infrastructure. 

AI's role in rising threats 

Hackers now have more tools at their disposal to craft attacks that evade security measures due to the advancement of AI technologies. Tim Chase, CISO of Lacework, highlights how AI-driven manipulations could impact systems that use programmable logic controllers (PLCs). A major worry is that AI could make it possible for even intermediate hackers to physically harm industrial and healthcare systems, especially considering how dependent these industries are on antiquated systems that have little defence against such attacks. 

Call for robust security procedures

Enhanced cybersecurity solutions are desperately needed in light of these emerging risks. Using AI-powered security tools like anomaly detection and predictive maintenance is vital for mitigating physical and cyberattacks. The federal government's warnings to state election authorities also highlight the significance of staying vigilant and prepared to defend not just the physical infrastructure but also the integrity of democratic processes. 

As the possibility of AI-driven cyber-physical attacks rises, the need for better security measures becomes more pressing. Collaboration among government, industry, and cybersecurity professionals is critical for developing and implementing solutions to combat the rising threats posed by AI-enhanced cyberattacks. The stakes are high: both national infrastructure and the democratic fabric of society are at risk.

This Malware Has Been Assaulting Critical US Infrastructure for Almost a Year


Over the course of the last 11 months, a threat group has actively engaged in a phishing campaign targeting employees across various companies, distributing an open-source trojan program named AsyncRAT. The victims of this campaign notably include companies responsible for managing critical infrastructure in the United States.

The cybersecurity division of AT&T, known as Alien Labs, has reported that the attackers employ a domain generation algorithm (DGA) within their command-and-control (C&C) infrastructure. This technique helps them rotate through a large number of domains, making it challenging to block traffic. In an effort to evade detection, the threat actors continually generate new samples of the malicious tool. Researchers have identified over 300 samples and 100 domains associated with this particular campaign.

AsyncRAT, an open-source remote access tool released in 2019 and still available on GitHub, serves as the attackers' weapon of choice. As a remote access trojan (RAT), AsyncRAT offers features such as keylogging, exfiltration techniques, and initial access staging for delivering the final payload.

It's not uncommon for even sophisticated threat actors to use open-source malware frameworks, which offer advantages such as low development costs and plausible deniability. Interestingly, AsyncRAT had previously been employed in 2022 by an APT group known as Earth Berberoka or GamblingPuppet, as tracked by security firm Trend Micro.

The phishing emails, scrutinized by Alien Labs and other researchers, employ a thread hijacking technique to direct users to a phishing page, eventually dropping a JavaScript (.js) file on users' computers. This script, when opened in Notepad, contains numerous randomly commented-out English words, while variants using Sanskrit characters have also been reported in previous campaigns. The highly obfuscated script aims to download the second-stage payload from a URL encoded using a custom cipher and decimal values.

The second-stage payload is another encoded script in PowerShell, executed directly in memory without being saved to disk. The PowerShell script communicates with a rotating C&C server domain, sending information such as computer hostname and a variable indicating the likelihood of the computer being a virtual machine or sandbox.

If deemed a valid target, the C&C server deploys AsyncRAT. In the case of a potential virtual machine or sandbox, the server redirects the request to Google or launches a different PowerShell script that downloads and initiates a decoy RAT, designed to distract researchers investigating the campaign.

To further complicate detection, the attackers regularly randomize the script code and malware samples, and they rotate C&C domains weekly. Despite these efforts, Alien Labs researchers managed to reverse-engineer the domain generation algorithm, providing insight into historical samples and enabling the development of detection signatures for identifying future infrastructure. The AT&T Alien Labs report includes detection signatures for the Suricata intrusion detection system and a list of indicators of compromise (IOC) for building detections on other systems.
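The DGA-based rotation described above (new C&C domains every week, hundreds of domains overall) is why static block lists lag behind this campaign. As an added example that is not from the AT&T Alien Labs report (whose actual DGA and Suricata signatures are not reproduced here), the Python below applies a defender-side heuristic to constructed DNS query logs: it flags high-entropy, digit-laden registrable labels and counts how many fresh flagged domains appear per ISO week. The log lines and domains are invented for illustration and are not campaign indicators.

```python
import math
from collections import Counter, defaultdict
from datetime import date

# Constructed sample DNS query log: "<timestamp> <client IP> <queried domain>".
# All domains here are invented for illustration, not real indicators.
SAMPLE_DNS_LOG = """\
2024-01-08T09:12:01 10.0.0.15 mail.example-corp.com
2024-01-08T09:12:05 10.0.0.15 xk7q2vb9d4.top
2024-01-08T09:13:40 10.0.0.15 updates.example-corp.com
2024-01-08T09:14:02 10.0.0.15 p3z8wq1mfy.top
2024-01-15T09:12:09 10.0.0.15 v9c4hd0tq2.top
2024-01-15T09:12:44 10.0.0.15 www.example-corp.com
2024-01-15T09:15:19 10.0.0.15 n6r1yk8zbw.top
"""

def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a DNS label; random labels score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_generated(domain: str, min_len: int = 8, min_entropy: float = 3.0) -> bool:
    """Heuristic: long, high-entropy registrable label that mixes in digits."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    sld = labels[-2]  # label directly under the TLD, where DGAs put the randomness
    has_digit = any(ch.isdigit() for ch in sld)
    return len(sld) >= min_len and has_digit and shannon_entropy(sld) >= min_entropy

def suspicious_hosts(log_text: str, threshold: int = 3) -> dict:
    """Map client -> sorted flagged domains, keeping clients at or over the threshold."""
    flagged = defaultdict(set)
    for line in log_text.splitlines():
        _ts, client, domain = line.split()
        if looks_generated(domain):
            flagged[client].add(domain)
    return {c: sorted(d) for c, d in flagged.items() if len(d) >= threshold}

def weekly_churn(log_text: str) -> dict:
    """Distinct flagged domains per ISO week; a DGA shows fresh domains every week."""
    per_week = defaultdict(set)
    for line in log_text.splitlines():
        ts, _client, domain = line.split()
        if looks_generated(domain):
            per_week[date.fromisoformat(ts[:10]).isocalendar()[1]].add(domain)
    return {w: len(d) for w, d in sorted(per_week.items())}
```

Entropy alone mis-flags CDN and cloud hostnames with random-looking labels, so in production the heuristic is a triage signal to pair with the report's signatures and domain-age data, not a blocking rule on its own.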