Security News > 2021

Extracting Personal Information from Large Language Models Like GPT-2
2021-01-07 12:14

Abstract: It has become common to publish large language models that have been trained on private datasets. This paper demonstrates that in such settings, an adversary can perform a training data extraction attack to recover individual training examples by querying the language model.

Investigation Launched Into Role of JetBrains Product in SolarWinds Hack: Reports
2021-01-07 11:42

Cybersecurity companies and U.S. intelligence agencies are investigating the possible role played by a product from JetBrains in the recently discovered SolarWinds hack, according to reports. The New York Times and Reuters reported on Wednesday that cybersecurity experts and government agencies are trying to determine whether the hackers that targeted SolarWinds may have abused software created by JetBrains to achieve their goal.

FBI warns of Egregor ransomware extorting businesses worldwide
2021-01-07 11:37

The US Federal Bureau of Investigation has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide. The FBI says in a TLP:WHITE Private Industry Notification shared on Wednesday that Egregor claims to have already hit and compromised more than 150 victims since the agency first observed this malicious activity in September 2020.

JetBrains denies involvement in the SolarWinds supply-chain hack
2021-01-07 09:20

JetBrains' CEO, Maxim Shafirov, denied reports from multiple news outlets that the company played a role in the SolarWinds supply chain attack. TeamCity, a continuous integration and deployment system used for unit testing and code quality analysis, is the JetBrains product that officials are reportedly looking into as a potential attack vector used by the SolarWinds hackers.

What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out
2021-01-07 07:55

Back in November 2020, netizens warned that a Chrome extension called The Great Suspender may be malicious. The Register understands that the unidentified maintainer of the project subsequently resubmitted the extension without the suspicious behavior that had been cited in a GitHub issues post.

SolarWinds Hackers Also Accessed U.S. Justice Department's Email Server
2021-01-07 07:49

The U.S. Department of Justice on Wednesday became the latest government agency in the country to admit its internal network was compromised as part of the SolarWinds supply chain attack. "On December 24, 2020, the Department of Justice's Office of the Chief Information Officer learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others," DoJ spokesperson Marc Raimondi said in a short statement.

A hacker’s predictions on enterprise malware risk
2021-01-07 06:00

From the use of novel attack techniques to the targeting of new attack vectors, we have a preview into how attacks will evolve. In 2021, threat actors will move on from basic ransomware attacks and will weaponize stolen information about an executive or business to create fraudulent content for extortion.

Linux malware authors use Ezuri Golang crypter for zero detection
2021-01-07 06:00

Multiple malware authors are using the "Ezuri" crypter and memory loader to make their code undetectable to antivirus products. According to a report released by AT&T Alien Labs, multiple threat actors are using Ezuri crypter to pack their malware and evade antivirus detection.

JetBrains' build automation software eyed as possible enabler of SolarWinds hack
2021-01-07 05:53

The SolarWinds security breach disclosed last month, which US authorities believe was of Russian origin and led to the compromise of at least 18,000 organizations, may have been enabled in part by software from JetBrains. One of these, build management and continuous integration system TeamCity, is used by SolarWinds as part of its application build process.

Hospitals under siege: 5 ways to boost cybersecurity as the COVID-19 vaccine rolls out
2021-01-07 05:30

In November, after a series of hacks directed at Universal Health Services and others, the cybersecurity agency CISA warned of an "Increased cybercrime threat to U.S. hospitals and healthcare providers." Large healthcare organizations can have a potentially vast attack surface, so making an inventory of potential vulnerabilities is essential.