
A
This is Sarah Lane with the Department of No. Adam Palmer, CISO at First Hawaiian Bank. What is your priority this week?
B
Driving business as an accelerator. Always trying to make sure that our risk decisions are clear, aligned to growth and not just controls.
A
And Jack Kufal, CISO at Michigan Medicine. What's your priority this week?
C
We are trying to figure out all things Microsoft Fabric and Purview and what's true and what's not.
A
Well, we have lots to discuss today and thank you both so much for being with us.
C
From the CISO Series, it's Department of No.
A
Welcome everybody to the Department of No. This is your virtual Monday strategy meeting. Our sponsor today is Vanta. Remember to get involved in our YouTube chat live; we broadcast every Monday at 4pm Eastern Time. Or you can email us at feedback@cisoseries.com with any thoughts you might have. Disclaimer as always, opinions expressed are those of our guests. All right, we've got about 30 minutes. Let's dive right in to the news, starting with Know or No. Okay, so we'll run through some stories over the past week that got a lot of attention, and I want both of your quick takes. Is this something security professionals need to know about, or is it more noise than signal? Let's start with Claude source code being leaked. So Solaire Labs intern Chafon Shao posted on X that Anthropic seemed to have published a JavaScript source map file for Claude Code on its public npm registry. The source file was quickly archived and spread across GitHub. Anthropic acknowledged the leak, saying it was the result of human error, not malicious activity. The story will have some big impacts for Anthropic, but is this kind of human error leak something your teams need to know about or is it a no big deal? Jack, we'll start with you.
C
In general, I think it's no big deal from the security point of view. I think it's a good story, though, to remind I work inside healthcare and it's a good story to think about that insider impact, that human error impact that you will carelessness and what it could mean to your institution or your company or your bottom line. But it's. It's a big oops. But it is at the end of the day an oops. And yeah, I would contextualize it that way and oops.
A
That doesn't necessarily affect something that you do.
C
Not yet. Right. There's a lot of Claude being used in the environment, so having source code out there is. I prefer it not to be out there, but there's a lot of source code out there. So I contextualize it inside that and it's Anthropic and it's big. So it's a big target, it's a big name, it's a big brand. But beyond that, it's in the slightly noisy category for me.
A
Yeah, Adam, what do you think?
B
This is a K-N-O-W for me and my team, I think, because it highlights for me the growing gap between AI adoption and governance maturity. So the issue here isn't just the leak. I believe it's what it reveals. So AI systems are now operational platforms. They're not just models. The attack surface includes pipelines and architecture logic. So from a CISO perspective, this is what insider risk is evolving into our AI pipeline risk. And this affects how we protect competitive advantage and intellectual property, not just our system. So if your AI pipeline isn't governed like production infrastructure, you're already exposed.
A
Yeah, that was going to be my, my question to both of you is if Anthropic says, don't worry, not malicious, not, not a state actor, just human error, what do you do at that point? Because there's always going to be human error.
C
Yeah, I think you, you learn from it. Every instance is a, is an area where you learn from. I mean, there's some pretty juicy information in that leak, which like Adam said, really tells you some of the inside baseball about what Anthropic's doing, how they're building their code, some of the things they're concerned about. It probably does them no service to have terms like undercover mode disclosed so early and so prominently. But it sort of shows their whole card. Right. So now you kind of know the play. But it's also rapidly developing code base. So this is the newest and freshest going to be probably in about a year. This is going to look like some outdated. Right. Just because of the speed that it's going at. So it's, it's interesting to see sort of the story behind the story that's going on Anthropic, since there's such a huge name in that space. But I don't know if it tells us anything we didn't already feel. It just gives us a good story to point to and say, hey, this is why, this is why you need to get the governance in order. This is why you have to understand how supply chain works. This is why you have to understand where these LLMs and these no code, low code sort of providers are either formally in your stack or informally in your stack.
A
Well, speaking of dangerous things, potentially, Apple added a new macOS Tahoe 26.4 security feature that warns users and delays execution when pasting potentially dangerous commands into Terminal, targeting ClickFix social engineering attacks that trick users into running malicious code. The system alerts users that execution was blocked and explains the risk, though they can still proceed if they so desire. Apple already put plenty of speed blocks in place in the past when running suspicious software on the desktop. Apple's kind of known for this. Is adding these kinds of warnings in Terminal something that you would want to bring to each of your teams? Or is this kind of an Apple thing and not really an issue for you? What do you think, Adam?
B
I think this is an N-O for my weekly team meetings. But it's a useful contextual or useful for contextual awareness. I would say it's an incremental control, not a strategic shift. So Apple's trying to compensate for user driven execution risk, which we've always had. And I think from a CISO lens, there's no material change here to enterprise posture, but it does. It reinforces that users remain the last mile vulnerability. So no control will save you from a user who's convinced to click yes.
A
What do you think, Jack?
C
I'm in the same space as Adam. It's nice. I appreciate it. It's very polite of Apple to put a notice in there like that. I think about the behavior behind it. I'm always curious when users are going into the terminal or the command prompt and maybe don't have the savvy to understand what might be malicious or what might not be. So I think it tells us more about where our users might be and how prominent it is. It's nice for any interaction between your SOC or your service desk and wherever your analysts are to just be aware that that's a new hello World type banner that they're putting in place. But I have to believe that the users that are inside the terminal are probably going to bypass that and click through it because they know better. They've told me better.
A
I mean, let's face it, lots of Apple users are not using Terminal ever. If you're already savvy enough to kind of know your way around that, that, that arena, I would think that, you know, you'd, you'd have people kind of going, hmm, all right, let me think again.
C
They're probably there for a reason, right? Your, your average, you know, Apple user isn't popping open Terminal every day. It's going to be your, it's going to be your BSD users that that are in there. Yeah. And I don't know. I don't put much into Unix stereotypes, but the Unix stereotypes that I work with don't like barriers and roadblocks and bristle against them. So they might just see it as a barrier without thinking about it and just clicking through and getting out of it as fast as possible and executing something that could be dangerous.
A
All right, next story. Researchers at ReliaQuest uncovered a credential stealing campaign called Deep Load that uses AI generated obfuscation and social engineering to gain persistent access, often triggered by fake browser prompts. The malware logs keystrokes, hides malicious code under massive volumes of AI generated junk code, runs under trusted Windows processes, and can reinfect systems days later via USB spread and hidden persistence mechanisms. So, bad news. Are we at the stage where these new uses for AI are an automatic we need to know a little more about this, or are you becoming more selective about these new types of threats? Jack, we'll start with you.
C
This one feels we need to know a little bit more. Instead of just taking a piece of that kill chain, if you will, and automating it or using an AI agent or using something AI informed, this is a full or more complete kill chain, which is a little bit more novel, at least novel for everyday companies outside of national defense or finance to get hit with. So seems like a maturation of that attack vector. Seems like it has a high chance of being effective. Seems like it has a high chance of being low cost. Seems like it has a high chance of being repeatable and sellable. So it's something to definitely pay attention to and get the team to know more about.
A
Adam, are you worried about this one?
B
AI hasn't changed attacker intent, but it's changing attacker efficiency. So this is a KN for me and my team. We're moving from curiosity to prioritization on AI threats. Not everything matters, but attackers can now produce high quality, low cost, highly variable malware. So I think what we do as a CISO in response to this is focus on behavioral detection. And we have to assume that polymorphic threats are going to be the baseline. So this really has the potential to increase attack volume, reduce decision certainty, and just continue to drive the complexity of our response.
C
It's also probably a pretty good example of what's always been described to me as a failure of imagination. Right. Don't assume how your attacker's going to attack you and that they're going to follow the cookbook. They're making up their own recipes. They're getting pretty fast and pretty cheap at it. I think that Adam mentioned it. Sort of that economic factor, when these sophisticated attacks become much more economically available, that's where we're just gonna see that explosion of that use. So paying attention to how successful it is and how complicated it is has to be married with how cost effective it is for a malicious actor to use.
A
All right, we've got another story here. As former CISA director Chris Krebs recently characterized, Iran seems to be throwing against the wall when it comes to cyber operations. I guess that's a spaghetti opera reference. Researchers at Keela's Cyber Intelligence Center found evidence that the country revived state backed ransomware operation Pay to Key. This revival saw the group recruiting from Russian illicit forums, a move that Keela characterized as outsourcing geopolitical retribution to the global cybercrime talent pool. Now that sounds like a lot of word salad, but I know you both know exactly what that means. It's nice to see Iran getting the band back together. I suppose we're really seeing all the levers that a nation state can throw into a war. So do you want to know more about Pay to Key, or is this a no thank you for you, Adam?
B
Sarah, I think you don't need to be a geopolitical target to be collateral damage. And that's why this is a KN for me. It's strategically important for most enterprises. You're not being targeted because you're important. You're being targeted because you're connected. And that's important. And this is really about resilience. This increases the baseline threat levels without warning. And it affects all of the sectors across the United States indirectly. So nation state tactics eventually also often become criminal playbooks.
A
What do you think, Jack?
C
I think this is a. You need to know more about these things. I think teams at all levels. This is not a topic reserved for executives or three beers after work. What's going on in the world and the speed at which geopolitical effect can impact the institutions, the supply chains, or just any system of integrity that we have in the homeland is everyday work. Now, it used to be fairly unique, at least in healthcare, maybe 10 years ago. Then you had a couple instances of it five or six years ago, and now it's more of a. You watch your news headlines, you watch your signal, and there's a direct correlation and causation between those, not just between nation states, but like you said, nation states working with for hire criminal actors or other sympathetic geopolitical groups. And we've seen that time and time again. And the time between US military action, for example, with Iran and impact on the homeland is same day. And that's something that is important to make sure executives and boards and users understand that arc because it seems really, really far away. But those attacks move at the speed of light against us instantly.
A
You know, the saying seems really far away. I've heard a lot of that sentiment like, wow, this seemed just like it wouldn't touch me in any way. You know, I don't work for the government, for example. I mean, I'm not talking about myself specifically, but that, that is a refrain I hear a lot. And then it's like, well, wait a second. No, it actually can affect you really quickly.
B
So following on to that point, Sarah and I think across all the stories we've talked about that the key shift is that geopolitical and technical threats now impact enterprises in days, not months. And the tools and tactics that are used are shared instantly across a variety of ecosystems.
C
Yeah, I think in America we generally have felt and have been very, very safe for 70 some years because of really big oceans, Hawaii excluded. There's two or three whole generations of people feeling quite safe, quite insulated. Sure, there's a world economy and we see those impacts. But to see sort of same day impacts for geopolitical events is new and it's not so outlandish. And I think there's a lot of speaking to that and there's an assumption gap. Do your executives, do your boards, do your IT partners, do your customers understand that connection and can you explain it in a reasonable way that isn't scaremongering or FUD, but is relatable? And the best way that I usually describe that is it's not just about the availability of a hospital. Can you take down a hospital, can you take down three hospitals? These supply chain attacks are becoming more and more profound because of the area effect, because supply chains are highly concentrated, especially inside critical infrastructure. And those are always going to be newsworthy and that's a demonstration of vulnerability. If you can take out a supplier that is serving a third of U.S. health care, you're going to get noticed and you're going to have that impact on integrity and that wears down the citizenry. Right. And starting to make those relationships. I think a lot of people don't understand why we can't stop them or what that real state of play is for a company like Adam's or Eyes. But in a way, in a very real way, you know, it is us against the Iranian Revolutionary Guard some days, and there's a lot of people involved with that, but most of it's about recovery and resilience. But you can't stop it.
A
Well, on that note, we want to thank Vanta for being our sponsor today because risk and regulation are ramping up. We all know this, and customers expect proof of security just to do business. Vanta's automation brings compliance, risk and customer trust together on one AI powered platform. So whether you're prepping for a SOC 2 or running an enterprise GRC program, Vanta keeps you secure and keeps your deals moving. Learn more at vanta.com CSAL. All right, let's get to some more stories that definitely deserve our attention this week. Let's start with Axios. No, not the news org, the other one. Axios, a widely used HTTP client library on npm, which was hijacked by threat actors to introduce a remote access Trojan into two releases. Google's Threat Intelligence Group chief analyst John Hultquist attributed the attack to the North Korean advanced persistent threat group UNC1069. They've been in the news quite a bit lately. The attackers were able to hijack the npm account of an Axios maintainer, then change the account email, then lock everybody out. Rather than change the Axios code directly, they added a malicious dependency, manually pushing through npm's CLI rather than the project's GitHub Actions pipeline to avoid detection. Very tricky. All right, so here's the question. This was a big story of the week. The malicious Axios versions were only available for a few hours, but given its download volume, that's a huge attack surface. This isn't the first attack on the open source chain. Earlier we covered a story on dozens of npm packages used to deploy persistent malware, but it is the latest and it's kind of the biggest. Doesn't seem like we'll stop using npm. So Jack, what do you think the solution is?
C
I don't know. I've mulled it over and I have no easy solution. But all the tropes that I think CISOs use around things like software bill of materials and, you know, things of that nature where you're just doing more and more inventories, you can do more and more analysis. Seems like we hit diminishing returns a long time ago. I think there's some interesting ideas around runtime bills of material to understand not just what's being used, but what's actually running. But there's something in the solution. Can't be more weight, more traditional vulnerability analysis. So switching more towards a continual assessment of the threat vector is going to be more advantageous than chasing the inventory ghost, if you will.
A
Adam, would you agree with that?
B
Yeah, I think that this is one of the most important stories this week and it's. And what's the reason is here is that open source isn't the risk, it's unverified trust is the risk. And we've created an environment where a single maintainer can equal systemic risk, where dependency chains create invisible attack patterns. And I think what we can do as CISO to follow on what Jack said is continuous dependency monitoring, not just point in time runtime behavior validation and zero trust applied to code and not just our users.
C
I think there's a piece of that if you think about it. I think it's important not to focus on the open source piece. Right. Because sometimes when there's an open source it can become synonymous with one developer keeping 100 million customers up and running. I won't say there's some truth to that, there's real truth to that, but if you look at it like any other type of market concentration, it's kind of the same threat whether you're dealing with a massive for profit piece of software that everyone uses or it's an open source package that's buried in there. So understanding market concentration and what it does to your risk landscape and factoring that in to how you do your threat assessment, I think is important how you do it. Like I said, there's a flood of information there and I don't know if there's a tool base that's completely caught up with what we're seeing, what we need, but I think it will get there to start telling us where are you potentially over concentrated in a package, in a developer, in an open source toolkit, in a commercial toolkit, in a cloud provider, whatever the case may be. And there's an emerging idea at least in our sector about what to do about tool market diversification. So you at least have a stake in the ground about. Well, if one thing goes down with that package, we've got an easier recovery path. Not necessarily useful in this particular use case, but that thought that the tools you use and the concentration that you use is worth thinking about because maybe it's an efficiency for your company, but it also factors into your risk landscape.
B
Yeah, the issue isn't open source, it's unverified trust at scale.
C
Yeah.
A
Well, related, a new report from Wiz tracking the activities of threat group TeamPCP reveals a methodical and fast moving operation. Seems to be a trend here on the show against the open source supply chain. Building on the group's previously reported attack on the LLM proxy library LiteLLM, Wiz observed TeamPCP validating stolen secrets from supply chain attacks within hours of exfiltration, then launching AWS discovery operations against confirmed credentials in less than a day. Researchers note the group is explicitly collaborating with extortion outfit Lapsus. That connection proved out this week as two new victims emerged. Cisco confirmed attackers used credentials stolen via a malicious GitHub Actions plugin in the Tribi supply chain attack to access its internal development environment. AI hiring platform Mercor disclosed a breach tied to the compromised LiteLLM project as well, with Lapsus separately claiming to have accessed Mercor data, including Slack and internal platform content. And the group was pegged to be a recent attack on the European Commission. Okay, so we've got another supply chain story here, but this shows more of that long tail we see on third party breaches and what it might mean down the road. We've seen instances where a third party breach or supply chain dependency creates months of headaches that ripple across the enterprise. We can't stop third party breaches, but how do we get our organizations ready for the fallout when these types of breaches happen? Adam?
B
So it's not the breach that hurts, it's the time between the breach and the response. And what this shows is that resilience isn't measured in hours now, or rather it is measured in hours, not weeks. And I think that it was interesting in this story is the speed of exploitation post breach. All right, you had credential validation within hours, cloud exploitation within a day. And it really compresses timelines for defenders. So as a CISO, what I do in response to this is increasing a rapid credential rotation capability. I want to have cloud visibility within hours, not days, and predefined third party breach playbooks. So this really the impact here for the business is this determines whether a breach is contained or whether it becomes a multi month enterprise level incident.
A
And for people who are your employees, who are good at what they do, how do you change the structure of how they work?
B
I think that's a significant challenge in trying to, as we adopt some of these methodologies to automate and improve our attack time to match the speed at which the attacks are coming, to improve that resilience. Again, our resilience and our response has to be much faster than current capabilities.
A
Jack, is this something that you're struggling with at all in your line of work?
C
I think yes, in that context of third party risk. And what does that mean? It's nothing that health care has really figured out. Healthcare is a heavy compliance for third party risks in the contracting and in the negotiation of goods and services. But that's not helping us all in these types of situations. Most of our companies we work with get through our third party contracting risk assessment sort of piece. But what we don't do is an ongoing impact analysis. So when a third party breach occurs, we do sort of sit around and ask ourselves what could that potential impact be? Not only are third party breaches occurring more, but our company in health care, we're using third parties almost exponentially. We're outsourcing, we're using third parties, we're moving things that used to be done on prem, used to be done with our staff and we're moving those into that third party space. And in general it's pretty great. However, from that attack surface space, we're losing the context to understand what the potential impact of those third party breaches are. And it isn't something that cleanly fits into any pre existing division or department or team. So there is a space, I think, for information security leaders to be innovative and leaders inside the space, not for information security, but on behalf of their business and their availability. Because in our sector, when there's a third party breach, you can't always just cut it off because you don't know what the impact of that's going to be because you're dealing with human discovery and care providing. Those are big impacts. If you move a large company that's had a breach into your deny list, you might be cutting off something hyper critical and not even aware of it because you don't have those lines of communication. So complex organizations need to somehow simplify and optimize how they do third party impact analysis. Like what Adam said, in a much shorter iteration, it has to be done in hours, not days. 
And that's about how long it takes us to figure out when there's a third party breach. What would it mean to cut it off, leave it running, or any mixture of those two points?
A
Well, as we close out today's standup, you've both given us lots of good advice. But is there a piece of advice you've been ruminating on you've been thinking about that you want to share with our audience? Adam, we'll start with you.
B
What ties all of this together is a fundamental shift. Sarah, I think that cybersecurity is no longer about just preventing bad things from happening. It's about operating safely in an environment where compromise is inevitable. And I think the CISOs who are going to succeed in that environment aren't the ones with the most tools, but they're the ones with clear decision making, strong governance, fast response capability. So security maturity isn't defined by what you block, it's defined by how you respond.
A
Well, thank you so much, Adam. That is very good advice. Jack Kufal, what say you?
C
I think along those same lines I've been paying more and more attention, particularly inside. Anything to do with corporate versus BYO AI platforms inside your companies is the idea that you're just supposed to secure whatever the business buys or uses is passe. Getting involved and being that digital risk leader to have a voice in the room to elevate the risk conversation, particularly in a space that's very excited, there's a lot of excitement around AI tools and data tools related to them. And instead of just talking about encryption or corporate devices or secure networks or EDRs, really to talk about observability for what work is being captured by those tools so you can secure the flow, not just the tool. And that's really where most people should start switching their thinking towards much more of that digital risk landscape as opposed to blocking and tackling infosec.
A
Well, we want to thank everybody who was joining us live for being with us and chatting with us. Thank you so much to both of my guests today. Adam Palmer, CISO at First Hawaiian Bank, and Jack Kufal, CISO at Michigan Medicine. We're going to have links to both of your LinkedIns in our show notes if anybody wants to look you up. Um, you'll know soon enough. And thank you again to our sponsor, Vanta. And remember, you can send us feedback anytime at feedback@cisoseries.com. Your feedback helps make our show the best it can be. Join us again next Monday at 4pm Eastern for another edition of the Department of No. To register for the show live on YouTube, just go to cisoseries.com and click on events. Thank you for joining our Monday standup. I'm Sarah Lane and you stay secure out there.
C
Cybersecurity headlines are available every weekday.
A
Head to cisoseries.com for the full stories behind the headlines.
Podcast Summary
Cybersecurity Headlines: Department of No – Axios Malware, TeamPCP Campaign, New Storm Infostealer
Date: April 6, 2026
Host: Sarah Lane (A)
Guests: Adam Palmer, CISO at First Hawaiian Bank (B)
Jack Kufal, CISO at Michigan Medicine (C)
This weekly “Monday strategy meeting” from the Department of No, part of the CISO Series, dives into the biggest information security stories and threats of the week. Host Sarah Lane leads a fast-paced panel with CISOs Adam Palmer and Jack Kufal as they assess which news items are true signals ("K-N-O-W") and which are just noise. This episode covers recent source code leaks, advances in AI-powered malware, supply chain attacks (both technical and geopolitical), open source package compromise, and practical strategies for handling modern cyber resilience.
The episode is pragmatic, sometimes wry, and deeply strategic. All guests stress that modern cybersecurity requires adapting to a landscape where compromise and rapid escalation are the norm—not the exception. Organizations must build mature, resilient, and responsive security cultures, with heavy focus on governance, monitoring, speed, and adaptability across both technology and relationships. The supply chain (in code, cloud, or partners) is now everyone’s risk, and resilience—not mere prevention—defines mature security posture.