Cyberattacks on British Airways, Boots and the BBC last week may have compromised payroll data, and attackers could now potentially target AI and supply chain vulnerabilities, according to GlobalData, a data and analytics company.
The battle against cyberattacks seems to have been lost, with vulnerabilities in AI becoming a potential future target, according to the company.
“The ingenuity behind these attacks is beyond the capability of most enterprises to prevent occurring. They can only take steps to be as resilient as possible. These attacks are tried and tested perhaps more than many realize,” said David Bicknell, GlobalData’s Principal Analyst – Thematic Intelligence.
As per Kroll’s analysis, the Russia-based Clop ransomware gang has been looking for ways to exploit a now-patched zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) solution since 2021.
“The battle to prevent these sorts of attacks from occurring has already been lost. What is important now is for security specialists – companies, researchers, security vendors, and governments – to put their best efforts into limiting as far as possible the use of artificial intelligence (AI), including generative AI, by hackers for offensive purposes,” added Bicknell.
“Events the past week demonstrated that security researchers can too easily break through so-called guardrails instituted in AI software and manipulate the software into ignoring safety restraints and then revealing private information. If they are not controlled, these vulnerabilities will lead to future AI-driven cyberattacks,” pointed out Bicknell.
On the cyberattacks on British Airways, Boots and the BBC, Rajesh Muru, Principal Analyst, Global Enterprise Cybersecurity Lead – GlobalData, said that this is a classic case of poor risk management posture across company supply chains.
“Risk management compliance guidelines like NIST go some way to address supply chain cybersecurity risks. However, both user and supplier initiatives around cybersecurity are just not sophisticated enough to drive visibility across the complete supply chain,” added Muru.
“This often leads to end-user enterprises not having visibility on the security posture across the complete supply chain and, more importantly, sufficient time to react,” Muru said of the consequences of the cyberattack.
“The irony of all of this is that software vendor Progress (formerly Ipswitch) very much sells on the premise of secure transferability of sensitive data with the popular file transfer software MOVEit. The product itself has strong security features, covering cryptographic tamper-evident logging, Regulatory/Compliance Support (PCI, HIPAA, SOC2, GDPR), and Gateway Reverse Proxy,” pointed out Muru.
Raising the question of AI and supply chain vulnerabilities, Muru added: “Therefore, it just shows that, even now, with developments in AI and the sheer volume of use cases for it, the question remains, is the world moving into a darker place with the potential for adversarial machine learning attacks through vulnerabilities?”
According to Amy DeCarlo, GlobalData’s Principal Analyst – Global IT Hosted and Managed Services, Clop allegedly exploited a vulnerability in the file transfer software MOVEit to tap personally identifiable information (PII) including names, addresses and banking information.
“This doxware incident, in which instead of cybercriminals encrypting data and demanding ransom in exchange for a decryption key, they threaten to publish the information, is one of a steadily increasing stream of similar incidents,” said DeCarlo.
“Prevention is critical. Organisations need to make sure they are running the most current anti-virus software. Another important defense is end-user education. Attackers often use phishing and other social engineering tactics to breach an enterprise,” noted DeCarlo.