
AI Finds Zero Day Vulnerability, MFA Mandatory on Google Cloud, French Energy Firm Hacked In today's episode of Cyber Security Today, host Jim Love discusses Google's AI-driven system Big Sleep discovering the first ever AI-identified zero day...
Jim Love
Google uncovers the world's first AI-discovered zero-day vulnerability. Google Cloud makes multifactor authentication mandatory. Hackers infiltrate a French energy firm and demand $125,000 in baguettes. This is Cybersecurity Today, I'm your host Jim Love.

Google has announced that its AI-driven system, Big Sleep, has uncovered a zero-day vulnerability in the real-world code of SQLite, an open source database engine used globally. This marks the first time, at least publicly, that an AI agent has successfully discovered such a critical exploitable vulnerability, a significant milestone for the future of cybersecurity. Developed jointly by Google's Project Zero and DeepMind, Big Sleep uses a large language model to assist in finding security flaws before hackers do. Project Zero, known for its elite team of ethical hackers, combined its expertise with DeepMind's leading AI research to create Big Sleep, an agent capable of navigating code in ways even the most sophisticated human fuzzers can't always manage. The vulnerability Big Sleep uncovered was an exploitable stack buffer underflow, essentially a door left ajar in the back end of a widely used piece of software. Google's Project Zero promptly reported it to SQLite in October and it was patched before any official release, protecting users from potential exploitation. "Finding a vulnerability in such a well known, well fuzzed system is an exciting result," said the Big Sleep team, although they admit this is still highly experimental. Fuzzing, a classic security research technique, involves bombarding code with random data to find exploitable errors. It's an approach that's effective, but far from foolproof. Google believes that AI can take fuzzing to the next level, enabling defenders to find the vulnerabilities that traditional fuzzing tools miss. By automating and supercharging this process, the Big Sleep AI aims to spot cracks in software before it's even released, closing loopholes before attackers can get in.

AI could bring a huge advantage to defenders, the team explained, not just in finding vulnerabilities, but in providing root cause analysis, making triaging and fixing issues significantly cheaper and more efficient. While the results are still in the experimental phase, the implications are promising. The hope is that AI-driven systems like Big Sleep will ultimately make software far less penetrable, leaving malicious actors out in the cold. For now, Google's successful use of AI to detect vulnerabilities like the one in SQLite represents a powerful step forward towards proactively defending against cyber threats. It's a glimpse of a future where AI not only builds systems, but also safeguards them. As Big Sleep evolves and AI tools mature, defenders may finally gain a bit of an edge in the never-ending battle against cyber threats, turning the table on hackers who have long enjoyed the upper hand.

Starting in January, Google Cloud users will no longer be able to rely solely on passwords. Google Cloud is mandating multifactor authentication for all accounts, forcing the approximately 30% of its customer base that has yet to adopt MFA to add this extra layer of security. The move reflects Google's belief that MFA, long encouraged by cybersecurity experts, will dramatically improve cloud account security. "At Google Cloud, we're committed to providing the strongest security for our customers," the company said in a blog post. By January, all Google Cloud users signing in with just a password will be required to implement MFA solutions. As we all know, multifactor authentication is a well established method for increasing security, using a secondary form of verification to prove a user's identity. Google first introduced two-factor authentication for its users in 2011, evolving it into more secure forms like phishing-resistant security keys and even passkeys. While enabling 2FA has been optional for consumer accounts, Google Cloud now deems it crucial for every user due to the nature of data hosted in cloud environments. This move is backed by data from Google's Mandiant Threat Intelligence team and government agencies like the Cybersecurity and Infrastructure Security Agency (CISA), which found that users who use MFA are 99% less likely to be hacked. As part of the rollout, Google Cloud will also require MFA for users leveraging federated authentication. Here, Google is offering flexibility by allowing customers to choose whether to enable MFA through their identity provider or directly through Google's system. Google Cloud's decision follows in the footsteps of other major tech companies that are also pushing for broader adoption of MFA. AWS recently announced plans to enforce MFA for privileged accounts, while Microsoft implemented a similar policy for Azure administrators. Even Snowflake moved to mandate MFA for all users earlier this year after a series of account breaches. Cloud services providers are making these changes not just out of goodwill, but due to the increasingly evident threat landscape. A recent PwC report found that cloud-based threats have become a top concern for chief information security officers, outpacing even the fear of ransomware for many organizations. Cybercriminals are increasingly targeting cloud environments, and enabling MFA has proven to be one of the most effective ways to prevent breaches, especially for sensitive accounts. Microsoft's own research into the cyber group Storm-0501 demonstrated that the use of MFA could effectively disrupt the group's dual tactics of cloud breaches and ransomware attacks. So as MFA becomes a mandatory feature across big tech companies, it can serve as a case study on how simple security steps can stifle even sophisticated cyber threats.

Hackers have compromised internal data at Schneider Electric, a France-based energy management firm. Schneider representatives confirmed that roughly 40 gigabytes of internal project tracking data was breached, including issues and plugins. The hackers, however, are demanding their ransom in baguettes. The threat actor known as Grep on X, formerly Twitter, taunted Schneider Electric in a weekend post: "Hey Schneider Elect, how was your week? Did someone accidentally steal your data and you noticed? Shut down the services, restarted without finding them. Now you shut down again and the criminals seem to have taken more juicy data." Grep later shared a screenshot of code allegedly linked to the breach involving Jira project management users and tickets. Grep told BleepingComputer that they breached Schneider's Jira server using compromised credentials and scraped 400,000 rows of user data with a miniOrange REST API, including 75,000 unique email addresses and names of Schneider employees and customers. Schneider confirmed the breach, stating that they were investigating a cybersecurity incident involving unauthorized access to one of their internal project tracking platforms. The company says that none of its products or services were affected. In a dark web post, the hackers demanded $125,000 in baguettes to avoid publicizing the stolen data. They also acknowledged that if Schneider acknowledged the breach, which it has, the ransom would be cut in half. Though the mention of the baguettes is clearly a joke and the half a loaf is clearly a joke, the situation still leaves Schneider in a sticky predicament. Although a company that size probably has the dough to pay up if they want to. Sorry, couldn't resist.

That's our show for today. You can find links to reports and other details in our show notes at technewsday.com. We welcome your comments, tips and even the occasional bit of constructive criticism at editorial@technewsday.ca. I'm your host Jim Love. Thanks for listening.
Cybersecurity Today: AI Finds Zero Day Vulnerability For First Time
Episode Released on November 6, 2024 | Host: Jim Love
In the latest episode of Cybersecurity Today, host Jim Love delves into groundbreaking advancements in cybersecurity, significant policy changes by major tech firms, and a recent cyberattack that has caught the attention of the industry. The episode, titled "AI Finds Zero Day Vulnerability For First Time," explores how artificial intelligence is revolutionizing cybersecurity, the imperative shift towards multifactor authentication, and the quirky yet concerning ransom demand faced by a French energy firm.
Timestamp: [00:01]
Jim Love opens the episode with what Google describes as the first publicly known zero-day vulnerability found by an AI agent: its Big Sleep system uncovered an exploitable flaw in SQLite, a globally used open-source database engine. It is a notable moment for artificial intelligence as a tool for finding software bugs before attackers do.
Key Points:
Big Sleep's Capabilities: Developed jointly by Google's Project Zero and DeepMind, Big Sleep uses a large language model to hunt for security flaws, navigating code in ways that conventional fuzzers cannot always manage. Love emphasizes, “This marks the first time, at least publicly, that an AI agent has successfully discovered such a critical exploitable vulnerability” ([00:01]).
Nature of the Vulnerability: The flaw is an exploitable stack buffer underflow: a memory-safety bug in which code reads or writes before the start of a stack-allocated buffer, corrupting whatever sits below it. Project Zero reported it to the SQLite developers in October and it was fixed in the development code before the flaw ever shipped in an official release, so no users were exposed.
Future Implications: The Big Sleep team acknowledges that the results remain experimental, but an AI agent that can reason about code alongside conventional fuzzing could catch the bugs fuzzers miss and hand developers a root-cause analysis with the report, making software harder to exploit. As Love summarizes, “AI could bring a huge advantage to defenders, the team explained, not just in finding vulnerabilities, but in providing root cause analysis, making triaging and fixing issues significantly cheaper and more efficient” ([00:01]).
Notable Quote:
"Finding a vulnerability in such a well-known, well-fuzzed system is an exciting result," said the Big Sleep team. ([00:01])
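The stack buffer underflow discussed above is a bug class, and the episode does not show the SQLite code. The C program below is an added illustration, not SQLite's code and not the bug Big Sleep found: a hypothetical column-usage routine whose bounds check tests only the upper bound, so a -1 "no column" sentinel is accepted and the store lands one slot before the start of a stack array. The names (mark_column, index_in_range_*) and the NCOL table are invented for the example.

```c
#include <stdio.h>
#include <stdbool.h>

#define NCOL 4   /* hypothetical number of columns tracked */

/* Vulnerable check: only the upper bound is tested. A "no column" sentinel
   of -1, common in query-planner style code, passes this test. */
bool index_in_range_vulnerable(int idx) {
    return idx < NCOL;
}

/* Hardened check: both bounds, so the sentinel is rejected. */
bool index_in_range_hardened(int idx) {
    return idx >= 0 && idx < NCOL;
}

/* Mark column idx as used in a stack-local table and return how many
   columns are marked, or -1 if check() rejects idx.
   With the vulnerable check and idx == -1 the store hits usage[-1]: the
   stack slot just below the array, i.e. a stack buffer underflow. A read
   before the array is the same bug in the other direction. */
int mark_column(int idx, bool (*check)(int)) {
    int usage[NCOL] = {0};
    if (!check(idx))
        return -1;
    usage[idx] = 1;                    /* out-of-bounds write when idx == -1 */
    int marked = 0;
    for (int i = 0; i < NCOL; i++)
        marked += usage[i];
    return marked;
}

int main(void) {
    printf("vulnerable check accepts -1: %d\n", index_in_range_vulnerable(-1)); /* 1 */
    printf("hardened check accepts -1:   %d\n", index_in_range_hardened(-1));   /* 0 */
    printf("mark_column(2, hardened)  = %d\n", mark_column(2, index_in_range_hardened));  /* 1 */
    printf("mark_column(-1, hardened) = %d\n", mark_column(-1, index_in_range_hardened)); /* -1 */
    /* mark_column(-1, index_in_range_vulnerable) is the bug. Build with
       -fsanitize=address and add that call to see the sanitizer report. */
    return 0;
}
```

Compile with `cc -fsanitize=address -g` and call `mark_column(-1, index_in_range_vulnerable)` to get an AddressSanitizer stack-buffer-underflow report; the hardened check turns the same input into a clean -1 return. The sentinel is a valid-looking integer rather than random garbage, which is one reason a bug of this shape can survive heavy fuzzing.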
Timestamp: [00:01]
Shifting focus, Jim Love discusses Google's recent decision to enhance security protocols by making multifactor authentication mandatory for all Google Cloud users starting January. This strategic move aims to bolster account security in response to the escalating threat landscape targeting cloud environments.
Key Points:
Mandate Details: Effective January, users who previously relied solely on passwords will be required to adopt MFA, impacting approximately 30% of Google Cloud's customer base that had not yet implemented this security measure. Google articulated their stance in a blog post, stating, “At Google Cloud, we're committed to providing the strongest security for our customers” ([00:01]).
Evolution of MFA: Since introducing two-factor authentication in 2011, Google has added stronger methods, including phishing-resistant security keys and passkeys, which unlike one-time codes cannot be relayed through a phishing page. MFA has remained optional for consumer accounts, but Google now deems it essential for cloud accounts because of the nature of the data hosted there.
Industry Trend: Google Cloud's initiative aligns with similar policies from other tech giants. AWS plans to enforce MFA for privileged accounts, Microsoft mandates MFA for Azure administrators, and Snowflake has already required MFA for all users following several account breaches.
Effectiveness of MFA: Google cites data from its Mandiant Threat Intelligence team and from agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) showing that users with MFA are 99% less likely to be hacked. Microsoft's research on the threat group Storm-0501 likewise found that MFA could disrupt the group's combination of cloud breaches and ransomware attacks.
Notable Quote:
“Cloud services providers are making these changes not just out of goodwill, but due to the increasingly evident threat landscape,” Jim Love notes, pointing to a PwC report in which cloud-based threats now outrank ransomware as a top concern for CISOs ([00:01]).
Timestamp: [00:01]
In a surprising twist, the episode covers a breach at Schneider Electric, a France-based energy management firm. Roughly 40 gigabytes of internal project tracking data, including issues and plugins, was taken. What sets this incident apart is the attacker's unconventional ransom demand: $125,000 in baguettes.
Key Points:
Nature of the Breach: The attacker, known as Grep on X (formerly Twitter), told BleepingComputer they got into Schneider's Jira server with compromised credentials and then scraped 400,000 rows of user data through a miniOrange REST API, including 75,000 unique email addresses and names of Schneider employees and customers. No exploit was needed: valid credentials plus an API that returns user records was enough, which ties back to the episode's MFA segment.
Ransom Demand: In a dark web post the attackers demanded “$125,000 in baguettes to avoid publicizing the stolen data” ([00:01]), adding that the demand would be halved if Schneider publicly acknowledged the breach, which it has. The baguettes are a joke; the threat to publish the data is not.
Company Response: Schneider Electric confirmed the incident and is investigating unauthorized access to one of its internal project tracking platforms. It says none of its products or services were affected.
Implications: Even with a humorous ransom note, the exposure is real: the stolen Jira data includes employee and customer contact details, so Schneider must deal with both the technical fallout and the reputational impact, a reminder of the multifaceted challenges incidents pose to large organizations.
Notable Quote:
Grep taunted Schneider Electric, saying, “Hey Schneider Elect, how was your week? Did someone accidentally steal your data and you noticed?” ([00:01])
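The Schneider breach turned on valid credentials and an API that pages through user records, so the detection angle is bulk access to user-directory endpoints rather than any exploit. The C program below is an added example, not code from the episode, Schneider or Atlassian: it tallies, per account, requests to Jira REST paths that return user data in a constructed, simplified access log and flags any account at or above a threshold. The log format, the sample lines, the account names and the path heuristic are all assumptions; the miniOrange plugin's endpoint path is not given on the page, so the filter matches any /rest/ path containing "user" and should be tuned to what your instance actually logs.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USERS 64
#define MAX_LINE  512

struct user_count {
    char user[64];
    int  hits;
};

/* Constructed sample, not a real log. Simplified Tomcat-style lines:
   <client-ip> <jira-username> [<timestamp>] "<METHOD> <path> HTTP/1.1" <status>
   One service account walks the whole directory with startAt offsets; that is
   what scraping every user through a REST API looks like in the log. */
static const char SAMPLE_LOG[] =
    "10.0.0.5 alice [04/Nov/2024:09:00:01 +0000] \"GET /browse/PROJ-42 HTTP/1.1\" 200\n"
    "10.0.0.5 alice [04/Nov/2024:09:00:07 +0000] \"GET /rest/api/2/user?username=alice HTTP/1.1\" 200\n"
    "203.0.113.9 svc-integration [04/Nov/2024:09:01:00 +0000] \"GET /rest/api/2/user/search?username=.&startAt=0&maxResults=1000 HTTP/1.1\" 200\n"
    "203.0.113.9 svc-integration [04/Nov/2024:09:01:01 +0000] \"GET /rest/api/2/user/search?username=.&startAt=1000&maxResults=1000 HTTP/1.1\" 200\n"
    "203.0.113.9 svc-integration [04/Nov/2024:09:01:02 +0000] \"GET /rest/api/2/user/search?username=.&startAt=2000&maxResults=1000 HTTP/1.1\" 200\n"
    "203.0.113.9 svc-integration [04/Nov/2024:09:01:03 +0000] \"GET /rest/api/2/user/search?username=.&startAt=3000&maxResults=1000 HTTP/1.1\" 200\n"
    "203.0.113.9 svc-integration [04/Nov/2024:09:01:04 +0000] \"GET /rest/api/2/user/search?username=.&startAt=4000&maxResults=1000 HTTP/1.1\" 200\n"
    "203.0.113.9 svc-integration [04/Nov/2024:09:01:05 +0000] \"GET /rest/api/2/user/search?username=.&startAt=5000&maxResults=1000 HTTP/1.1\" 200\n"
    "10.0.0.7 bob [04/Nov/2024:09:02:00 +0000] \"POST /rest/api/2/issue HTTP/1.1\" 201\n"
    "malformed line with no request field\n";

/* Heuristic: REST paths that hand back account records. The exact path of a
   third-party plugin such as miniOrange is an assumption left open here. */
static int is_user_directory_path(const char *path) {
    return strncmp(path, "/rest/", 6) == 0 && strstr(path, "user") != NULL;
}

/* Pull the username and request path out of one line; 0 on malformed input. */
static int parse_line(const char *line, char user[64], char path[256]) {
    char ip[64], method[16];
    const char *quote = strchr(line, '"');
    if (quote == NULL) return 0;
    if (sscanf(line, "%63s %63s", ip, user) != 2) return 0;
    if (sscanf(quote + 1, "%15s %255s", method, path) != 2) return 0;
    return 1;
}

/* Count user-directory requests per account. Returns the number of distinct
   accounts that touched those endpoints (at most max_users). */
int tally_user_api_hits(const char *log, struct user_count *tab, int max_users) {
    int n = 0;
    const char *p = log;
    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        size_t full = nl ? (size_t)(nl - p) : strlen(p);
        char line[MAX_LINE];
        size_t len = full < sizeof line ? full : sizeof line - 1;  /* truncate long lines */
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + full;

        char user[64], path[256];
        if (!parse_line(line, user, path) || !is_user_directory_path(path))
            continue;
        int i = 0;
        while (i < n && strcmp(tab[i].user, user) != 0) i++;
        if (i == n) {
            if (n == max_users) continue;          /* table full: drop new accounts */
            strcpy(tab[n].user, user);
            tab[n].hits = 0;
            n++;
        }
        tab[i].hits++;
    }
    return n;
}

/* Indices of accounts whose hit count meets the threshold; returns how many. */
int flag_bulk_enumeration(const struct user_count *tab, int n, int threshold,
                          int *flagged, int max_flagged) {
    int f = 0;
    for (int i = 0; i < n && f < max_flagged; i++)
        if (tab[i].hits >= threshold)
            flagged[f++] = i;
    return f;
}

/* Run the detection over the sample; returns the number of accounts flagged. */
int run_sample(int threshold) {
    struct user_count tab[MAX_USERS];
    int flagged[MAX_USERS];
    int n = tally_user_api_hits(SAMPLE_LOG, tab, MAX_USERS);
    int f = flag_bulk_enumeration(tab, n, threshold, flagged, MAX_USERS);
    for (int i = 0; i < f; i++)
        printf("ALERT: %s made %d user-directory requests\n",
               tab[flagged[i]].user, tab[flagged[i]].hits);
    return f;
}

/* Hits recorded for one account in the sample, or -1 if it never touched those endpoints. */
int sample_hits_for(const char *user) {
    struct user_count tab[MAX_USERS];
    int n = tally_user_api_hits(SAMPLE_LOG, tab, MAX_USERS);
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i].user, user) == 0) return tab[i].hits;
    return -1;
}

int main(void) {
    return run_sample(5) == 1 ? 0 : 1;
}
```

On the sample, svc-integration is flagged at a threshold of 5 while alice's single lookup of her own record is not. In production the threshold should be per time window, and the same tally is worth running against the source IP and session, since a scraper using a stolen credential is often a new client address for that account.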
Jim Love wraps up the episode by reflecting on the evolving landscape of cybersecurity. The integration of AI like Big Sleep presents a promising frontier in proactive defense mechanisms, potentially shifting the balance against cyber adversaries. Concurrently, the enforcement of MFA by leading tech companies underscores a unified approach to mitigating threats in increasingly targeted environments such as the cloud.
The Schneider Electric incident serves as a reminder of the unpredictable and often unconventional nature of cyber threats, emphasizing the need for robust, adaptable security strategies. As AI tools mature and security protocols become more stringent, defenders may gradually regain the upper hand in safeguarding digital infrastructures.
Final Thoughts:
"Defenders may finally gain a bit of an edge in the never-ending battle against cyber threats, turning the table on hackers who have long enjoyed the upper hand," concludes Jim Love ([00:01]).
For More Information:
Listeners are encouraged to access detailed reports and additional resources through the show notes available at technewsday.com. Feedback, tips, and constructive criticism can be directed to editorial@technewsday.ca.
This summary encapsulates the key discussions and insights shared in the November 6, 2024, episode of Cybersecurity Today, providing a comprehensive overview for those who haven't tuned in.