Threats, Attacks, & Data Breaches: (8)
(Attack) In 2023, Ransomware attacks increased by 84% & Data breaches increased by 78%. (SandboxAQ)
Attack Vectors (8) -- (1) Malware-based Attacks (Ransomware, Trojans, etc.). (2) Phishing (spear phishing, whaling, etc.). (3) Man-in-the-Middle (User>Perpetrator>WebApp). (4) Distributed Denial of Service (DDoS). (5) SQL Injection Attacks (bad code in data-driven app). (6) DNS Tunneling (get control of a remote server). (7) Zero-Day Exploits and attacks (when a system is unknowingly vulnerable, threat actors can exploit it). (8) Password Attacks (password cracking).
Cross-Site Scripting (XSS).
BLUF: XSS is a type of cyber security vulnerability that attackers exploit to inject malicious code into websites. This code then executes within the victim's web browser, allowing the attacker to potentially steal data, redirect users to malicious sites, or even take control of their accounts.
Attack Focus (3): (1) Type of Attack: Injection attack. (2) Target: Web applications. (3) Impact: Stealing data, redirecting users, account takeover.
Quantum computers: While still in their early stages, they're expected to become powerful enough to break current Public-Key Cryptography within the next decade or two.
(Threat) CRQC (Cryptanalytically Relevant Quantum Computer): A type of quantum computer that poses a significant threat to current encryption methods. -- CRQCs are not here yet --
Cryptanalysis: The art of breaking codes and deciphering encrypted messages.
Cryptanalytically Relevant: Powerful enough to run algorithms that can crack the encryption methods widely used today (mostly public-key cryptography).
Public-Key Cryptography: A cryptographic system that uses two mathematically related keys, a (1) public key and a (2) private key, to encrypt and decrypt data. The public key is made available to everyone and is used to encrypt the data, while the private key is kept secret by the owner and used for decryption.
(Attack) SNDL (Store-Now-Decrypt-Later) Attacks: Attackers could steal encrypted data today and store it for decryption when quantum computers become available.
(Attack) Quantum-Enhanced Attacks: Even before full-scale quantum computers, attackers could potentially use quantum techniques to weaken existing cryptography.
(Attacks) Model Vulnerability Attacks (aka AI Attacks): AI platforms (like ChatGPT, etc.) are susceptible to different kinds of attacks. These attacks exploit weaknesses in the model itself, the data it's trained on, or how it's used.
Common types of model vulnerability attacks: (4)
Training data poisoning: (Corrupting the data) This happens when the data used to train the model is inaccurate, misleading, or malicious. This can cause the model to learn incorrect patterns and produce biased or incorrect outputs.
Adversarial inputs: These are specially crafted inputs designed to trick the model into making a mistake. -- Example: An attacker might add tiny modifications to an image that cause a facial recognition system to misidentify someone.
Model extraction: In this attack, attackers try to steal or copy the internal workings of the model. This can be used to launch other attacks, like generating adversarial inputs more effectively.
Eavesdropping: If a model is processing sensitive information, attackers might try to steal that information by eavesdropping on its communications.
(Attack) Hardware Vulnerability Attacks: Hardware vulnerabilities are weaknesses in the physical components of a computer system that attackers can exploit. These weaknesses can be due to flaws in the design, manufacturing, or firmware of the hardware. Unlike software vulnerabilities, hardware vulnerabilities are often much harder to fix because hardware cannot be easily patched like software.
Hardware Vulnerability Attack Examples:
Meltdown and Spectre: These are famous vulnerabilities in modern processors that allow attackers to steal data from other programs running on the same machine.
Evil Maid Attack: This attack involves tampering with a physical device, such as a laptop, while the owner is away. The attacker can then install malware that steals data when the owner logs back in.
Mitigation Process (8)
OpenSSL is an open-source software library and command-line tool that implements SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols for secure communications. It provides cryptographic functions such as generating keys and certificates, encrypting data, and verifying certificates, making it essential for internet security and server management.
Inventory and assessment: Identify systems and data that rely on vulnerable algorithms. Assess the risk and potential impact of quantum attacks. See "Security Assessment."
Monitor/Stay Informed: Stay informed about advancements in PQC algorithms and standards.
Develop a migration strategy: To transition to PQC algorithms before quantum threats become imminent. Consider factors like algorithm maturity, performance, implementation complexity, and compatibility with existing systems.
Prioritize sensitive data & HVA: Focus on protecting the most critical assets first.
Conduct Layered Security (A hybrid approach): Use PQC algorithms alongside traditional ones to provide layered security during the transition period.
Consider hardware security modules (HSMs): These can provide an extra layer of protection for sensitive cryptographic keys.
Adhere to Common Industry Standards: Participate in standardization efforts and share best practices to ensure a coordinated response to quantum threats—examples: NIST, CISA, etc.
Continuously monitor: Monitor the development of quantum computing and PQC algorithms to ensure timely and effective mitigation of potential threats.
Additional considerations:
Performance overhead/review: PQC algorithms often have larger key sizes and slower performance compared to traditional algorithms.
Standardization: PQC standards are still under development, so interoperability and compatibility might be challenges.
Retrospective decryption: Data encrypted with today's algorithms could be decrypted in the future with quantum computers, even if migrated to PQC.
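The inventory, assessment and prioritization steps above can be turned into a repeatable check. The following is an added example, not part of the original notes: it flags assets that rely on public-key algorithms breakable by a CRQC and ranks them for migration, using Mosca's inequality (a planning rule not mentioned on this page) to decide which are exposed to SNDL. The asset names, the inventory, and the planning values (5 years to migrate, CRQC in 15 years) are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Public-key families that Shor's algorithm breaks on a CRQC.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519"}

@dataclass
class Asset:
    name: str
    algorithm: str
    purpose: str           # "key-exchange", "encryption" or "signature"
    shelf_life_years: int  # how long the protected data must stay secret
    hva: bool              # high-value asset

def is_quantum_vulnerable(asset):
    return asset.algorithm.upper() in SHOR_BROKEN

def sndl_exposed(asset, migration_years, years_to_crqc):
    """Mosca's inequality: ciphertext captured today is at risk when
    shelf life + migration time > time until a CRQC exists. Signatures
    are excluded: recording them now gives nothing to decrypt later."""
    if asset.purpose == "signature" or not is_quantum_vulnerable(asset):
        return False
    return asset.shelf_life_years + migration_years > years_to_crqc

def migration_order(assets, migration_years, years_to_crqc):
    """Return (name, sndl_exposed) for vulnerable assets, most urgent first."""
    vulnerable = [a for a in assets if is_quantum_vulnerable(a)]
    vulnerable.sort(
        key=lambda a: (sndl_exposed(a, migration_years, years_to_crqc),
                       a.hva, a.shelf_life_years),
        reverse=True,
    )
    return [(a.name, sndl_exposed(a, migration_years, years_to_crqc))
            for a in vulnerable]

# Constructed inventory for illustration only.
INVENTORY = [
    Asset("public-web-tls", "RSA", "key-exchange", 1, False),
    Asset("db-at-rest", "AES", "encryption", 10, True),
    Asset("code-signing", "ECDSA", "signature", 2, True),
    Asset("vpn-gateway", "ECDH", "key-exchange", 15, True),
]

if __name__ == "__main__":
    # Assumed planning values: 5 years to migrate, CRQC in 15 years.
    for name, sndl in migration_order(INVENTORY, 5, 15):
        print(f"{name:16} SNDL-exposed={sndl}")
```

Symmetric algorithms such as AES are left out of the ranking because the page's concern is public-key cryptography; they still belong in the inventory for key-size review.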
AI CSIRTs, short for Artificial Intelligence (Computer) Security Incident Response Teams.
BLUF: A concept that's emerging to address security threats in the age of AI. They're essentially adaptations of traditional CSIRTs (Computer Security Incident Response Teams) but with a focus on AI-specific vulnerabilities and incidents.
Purpose: Mitigate security risks associated with AI systems.
Components: (4)
AI incident response element: Deals with AI-specific security events.
AI vulnerability discovery tools: Proactively identify weaknesses in AI systems.
AI vulnerability management framework: Addresses vulnerabilities and creates a secure development lifecycle for AI.
AI situational awareness service: Provides real-time threat intelligence on AI security.
Stakeholders (in an AI CSIRT): A team combining expertise from various areas:
AI/ML practitioners
System/database administrators
Network engineers
Threat intelligence researchers
Team lead (for communication and strategy)
Reference:
There's ongoing research and development in this field. For instance, the FIRST organization has an AI Security SIG (Special Interest Group) focused on using AI for security and incident response (https://www.first.org/global/sigs/ai-security/).