
Shai Hulud 2.0: NPM Threat Escalates

Key Points

  • The podcast stresses that personal responsibility for security—pausing to consider decisions—directly influences safer practices at work.
  • IBM’s “Security Intelligence” show, hosted by Matt Kaczynski with guests Dave Bales, Michelle Alvarez, and Brian Clark, highlights current cyber‑threat news and expert analysis.
  • A new wave of the Shai Hulud worm is targeting both NPM and Maven packages, now executing during the pre‑install phase, self‑healing, and even deleting home directories if no secrets are found.
  • Compared to its September debut, the worm has become fully automated, spread to over 25,000 repositories, and incorporates more aggressive behaviors, effectively “growing up” from a toddler to a teenage threat.
  • The episode also previews other security topics—including developers leaking secrets, the 200‑company Gainsight breach, a pre‑hacked Android streaming device, and how poetry can bypass AI guardrails—culminating in a teaser of a bonus interview with a malware reverse‑engineer.


# Shai Hulud 2.0: NPM Threat Escalates

**Source:** [https://www.youtube.com/watch?v=o3caaeeCPXg](https://www.youtube.com/watch?v=o3caaeeCPXg)

**Duration:** 00:42:54

## Sections

- [00:00:00](https://www.youtube.com/watch?v=o3caaeeCPXg&t=0s) **Personal Security Meets Workplace Ops** - The segment emphasizes personal responsibility for security decisions and introduces IBM's Security Intelligence podcast episode covering developer secret leaks, major breaches, compromised Android devices, AI guardrail bypasses, and the resurgence of the Shai Hulud worm.
- [00:04:58](https://www.youtube.com/watch?v=o3caaeeCPXg&t=298s) **Balancing Open Source and Security** - A discussion on the delicate trade‑off between publishing tools for community benefit and the heightened attack surface such releases create, including considerations like credential rotation and scanning for secrets.
- [00:08:22](https://www.youtube.com/watch?v=o3caaeeCPXg&t=502s) **Protecting Developers from Supply Chain Attacks** - Panelists discuss how organizations can bolster defenses and training to guard developers against malicious code injected into software packages, which can damage reputations.
- [00:14:42](https://www.youtube.com/watch?v=o3caaeeCPXg&t=882s) **Shadow IT’s Double‑Edged Dilemma** - The speaker debates the benefits and risks of shadow IT, emphasizing how personal device use and human psychology shape security outcomes.
- [00:18:32](https://www.youtube.com/watch?v=o3caaeeCPXg&t=1112s) **Risks of Persistent SaaS Permissions** - The discussion warns that granting SaaS vendors ongoing access creates a broad attack surface, urging organizations to assess breaches comprehensively and coordinate security across all integrated platforms.
- [00:21:45](https://www.youtube.com/watch?v=o3caaeeCPXg&t=1305s) **Taking Threats Seriously & IoT Hijacking** - The speaker urges organizations to heed shared security warnings and then explains how cheap Android streaming devices are covertly commandeering home bandwidth to support malicious botnet traffic.
- [00:25:07](https://www.youtube.com/watch?v=o3caaeeCPXg&t=1507s) **Trusted Vendors, Untrusted Products** - The discussion highlights how scams can infiltrate reputable retailers—both brick‑and‑mortar and online—undermining the assumption of safety and complicating traditional anti‑phishing defenses.
- [00:28:28](https://www.youtube.com/watch?v=o3caaeeCPXg&t=1708s) **The Limits of Trust in Tech** - The speaker cautions against assuming safety based on brand, stresses personal due diligence when integrating tools, and questions how organizations can effectively defend against unsanctioned purchases without resorting to intrusive surveillance.
- [00:31:49](https://www.youtube.com/watch?v=o3caaeeCPXg&t=1909s) **IoT Scam Allure and Security** - The speaker reflects on the tempting yet shady IoT device scam, the urge to create a safer personal version, and what this reveals about broader IoT security challenges and the limits of organizational control.
- [00:35:42](https://www.youtube.com/watch?v=o3caaeeCPXg&t=2142s) **Poetic Prompts Crack AI Guardrails** - A recent study shows that framing malicious instructions as poems dramatically boosts jailbreak success rates across major language models, prompting a discussion on the implications and defenses.
- [00:38:53](https://www.youtube.com/watch?v=o3caaeeCPXg&t=2333s) **Creative AI Jailbreak Strategies Discussed** - The panel debates using poems, rap, and other creative prompts to jailbreak AI models, stresses “trust but verify,” and wraps up with a teaser about a honeypot malware bonus episode.
- [00:42:07](https://www.youtube.com/watch?v=o3caaeeCPXg&t=2527s) **Subtle Email Trigger Reveals Malware** - Although Raymond initially couldn’t pinpoint why a seemingly innocuous email raised his “spidey sense,” his deeper investigation uncovered a sophisticated malware loader that blends classic techniques with novel evasion tricks, underscoring the perpetual cat‑and‑mouse nature of cybersecurity and the need to stay abreast of emerging threats.

## Full Transcript

0:01I think there is something to be said about individuals 0:05taking ownership of their own personal security that then has 0:10an impact in what they do in their workplace. It's 0:14all about kind of just thinking about it, right? Just 0:16taking a minute to just stop and think about it. 0:20Is this the right decision? Am I making the right 0:22choice? All that and more on security Intelligence. Hello and 0:32welcome to Security Intelligence, IBM's weekly cybersecurity podcast where we 0:37break down the most interesting stories in the field with 0:40help from our panel of experts. I'm your host Matt 0:43Kaczynski and joining me today, Dave Bales of X Force 0:47Incident Command and host of the not the Situation Room 0:50podcast, Michelle Alvarez, manager, X Force Strategic Threat Analysis and 0:55the illustrious Brian Clark, senior technology advocate and a producer 0:59on this very show. Stepping in front of the camera 1:02here is what we're talking about today. Developers keep leaving 1:06secrets out in the open. 200 companies were hit in 1:10the gain site breach, the Android streaming device that comes 1:14pre hacked, and how poetry can defeat your AI guardrails. 1:18Plus, stick around at the end for a sneak peek 1:21of our newest bonus episode where a malware reverse engineer 1:25tells us what it's like to discover a new strain 1:28of malware. But first, the return of Shai Hulud. The 1:37Shai Hulud worm first ripped through NPM packages in September 1:41and now a new strain dubbed Shai Hulud. But the 1:45eye is a one this time. It's very confusing, is 1:47causing even more chaos in the NPM registry. It has 1:51even started infecting packages in Maven too. Like its predecessor, 1:55it's a worm that steals developer secrets and spreads by 1:58publishing malicious packages under its victim's account names so they 2:03look very legitimate. 
Hundreds of NPM packages have been trojanized 2:07by the worm thus far, including packages from trusted entities 2:10like Zapier and Postman. Shai Hulud Round 2 also comes 2:15with some notable upgrades, including it now executes during the 2:19pre install phase, which helps it evade some detection. It 2:22has self healing capabilities and if it doesn't find any 2:25secrets on your machine, it just tries to delete the 2:28entire home directory. Now Dave, I know you folks have 2:32covered shy Hulud on your podcast, starting with the original 2:35worm back in September. So I want to throw to 2:37you first, what are your thoughts on this new round, 2:39especially compared to the last time we saw Shai Hulude? 2:42What's changed here? It's automated now. It's completely automated. It 2:47spreads automatically, it installs automatically. There's no interaction that's needed 2:53between the user and the machine. And like you said, 3:04upgraded capabilities and it has, it's infected, what, more than 3:0925,000 repositories at this point. Which was large. Yeah, larger 3:14than the first iteration of Shai Hulud. So it's, it's 3:18growing up. It's, you know, it's no longer a toddler, 3:21it's now a petulant little teenager. And what do you 3:25think of that choice to. To make it a wiper 3:27if things don't go the way they want it to 3:29go? Right. Like, what do you think the g. Is 3:31it just like throwing a tantrum? Basically, it's exactly is 3:36I can't find the cookies, so I'm going to lay 3:38down on the floor kicking and screaming. It's basically what 3:41it's doing. Michelle, I want to ask you if this 3:45pattern of kind of, you know, a malware that when 3:48it doesn't find what it wants, it throws a tantrum 3:50and tries to blow things up, is this common? Have 3:52we seen this kind of thing before? You know, what's 3:55your take on it? 
Yeah, I don't know if I'm 4:04environments, but I do want to say that, Shahud, it's 4:07not an enigma in terms of like things that we're 4:11seeing in environments. We definitely are seeing this active and, 4:16you know, it's a concern for our clients right now, 4:18especially since we had round one and round two is 4:22significantly worse. So, you know, in terms of the broader 4:26picture though, I think what we are concerned about also 4:30is possibly the loss of trust with these open source 4:35platforms. We want to be able to leverage them and 4:37use them and they've done a lot of good in 4:39terms of being open source for the community and innovation 4:43and automation. But then when we have these supply chain 4:47attacks right now we're looking at, okay, what's the bigger 4:50picture? Is there more risk to using these types of 4:52platforms? Yeah, that's a very good point. And we talked 4:55last week about kind of open source approaches to security. 4:58Right. We were talking specifically about the X Force releasing 5:02a bunch of new tools to Open source on GitHub. 5:04And it is this tricky line you have to walk 5:06when you go open source with anything. Right. Where like 5:09you said, it's done a lot of good for the 5:10community, but it is also like part of your attack 5:13surface and it extends your attack surface even beyond the 5:17confines of your own organization. Brian, any thoughts on that? 5:21The kind of dance of open source, keeping it secure, 5:24putting things out there. What's your take? I think we're 5:27always going to have that, like, thin line between, you 5:31know, everybody wanting things to be open source and accessible, 5:35and then also at the same time sort of backpedaling 5:38or double checking what, what we're putting out there or 5:43what we're bringing onto our own machines. I guess, like 5:47my first takeaway. 
I'm just still so stuck on the 5:49name the the Second Coming and wondering if this is 5:52going to be part of a trilogy. Maybe it's safe 5:56to say at this point that they're. They're Dune fans. 5:57We know that. I did find it interesting that it 6:02uses Truffle Hog to scan for the tokens on the 6:05local machine. Um, and then also just the thoughts about, 6:09well, what do we do if this happens or if 6:12we're affected. I was reading a little bit about how 6:16rotating your credentials or scanning your endpoints, but it's a 6:21scary thing. Like Dave and you were talking about a 6:24minute ago, throwing a tantrum, just, okay, I don't get 6:26what I want. So nobody wins. So this whole thing 6:29places the focus yet again on the kind of vulnerabilities 6:33of the software supply chain. Right. Is like a primary 6:35target for attackers. And it's got me thinking, you know, 6:39have developers kind of become the front line in our, 6:43in our, you know, defense systems right now? You know, 6:45we talk a lot about your everyday employee being the 6:47front line. They get a phishing email, they got to 6:49stop it. But what about developers too? Are they on 6:51the front line now and are we doing enough to 6:53support them? Dave, I'll start with you. Any takes there? 7:09sensitive to their code. They like their code being their 7:13own. And when their code gets obfuscated with something else, 7:17they take great offense to that. The problem is that 7:20they're not always aware that their code is being stolen 7:24from them and then turned into something malicious. And then 7:27they find that out later, and now they don't know 7:30what to do. They have to go back into their 7:31code. They've got to fix their code, republish their code. 7:34The most important key key to that, though, is that 7:37they have to reestablish the trust that they've been given 7:42by the people who use their code. That's not always 7:45easy to Do. That's a very good point. Right. 
How 7:47do you reestablish that trust? And it's almost like it 7:50makes the tail of the attack, its blast radius, even 7:53bigger because now it's not just your package got hit 7:55and you got to fix that package. It's like you 8:02package is good now. Yeah. My package is fixed. It's 8:06fixed, I promise. And they can say that all they 8:08want. But you know, as a user of some of 8:11these npms, I'm not going to trust it until I've 8:14seen someone else, you know, dip their toe in. The 8:16water, something like this shy hulud where the way it 8:19spreads is by publishing malicious packages under your name. Right. 8:22And so I don't know, I can imagine a situation 8:24where I'm a developer, I don't even know one of 8:26my packages has been hit with this thing. And all 8:28of a sudden people are telling me that I'm spreading 8:30malware. I'm like, what the heck happened here? So if 8:33developers are becoming a target, not just the frontline, which 8:36I think is a very important distinction, what are some 8:39of the things our organizations have to kind of start 8:41doing to help strengthen the defenses around this particular target? 8:47Michelle, any thoughts there on your end? What can we 8:49start doing? Yeah, I feel like we're always iterating this, 8:52which is user education and user enablement and training. It 8:59could be attack that we're not aware of, but now 9:01we are. Right. So are we now integrating that in 9:04our user training and awareness programs? Because we've had so 9:09many similar types of attacks. I really think this is 9:12something we're going to see into the foreseeable future as 9:17more and more of these types of packages are basically 9:23modified for malicious purposes. And we have this domino effect 9:27of again, one library now cascading to multiple projects and 9:32infecting multiple organizations. And it's, it is a brand reputation 9:37issue, as Dave alluded to right now. This is my, 9:42this is my brand, this is my name now. 
It's 9:45got a black mark on it. Absolutely. Brian, any final 9:48thoughts here? To, to round out the segment, I. Would 9:51just say that for developers and security experts to sort 9:56of work together, making sure that I know developers are 10:01usually working on what gets what gets the product or 10:06whatever they're working on out the quickest and most efficiently 10:09where security experts are what is going to get it 10:12done safely. So those two working together and security experts 10:16not necessarily saying no, you can't do that. But let's 10:20work together and get that done in a safe manner. 10:23So I guess security experts thinking like developers, developers thinking 10:27like security experts and just sort of bridging the gap 10:29there. I like that you've kind of tapped one of 10:31the running themes of the show, which is that security 10:33kind of has to not always be saying no, but 10:36saying, here's how we do it safely Right now. Let's 10:40move on to a story where developers are still the 10:43target, but this time they might be doing some things 10:45to make themselves the target. This is some research from 10:54Watchtower that found that developers keep leaking secrets to code 10:59formatting tools. Now, offensive security researchers at Watchtower Labs analyzed 11:05some publicly accessible URLs on the popular code formatting tools 11:09JSON formatter and code beautify and found 80,000 plus saved 11:14JSON blobs, which included such treasures as SSH keys, active 11:19directory credentials, and even some customer pii. The researchers decided 11:25to plant some of their own fake tokens that they 11:27could track to see if there was anybody exploiting this 11:30weakness. And spoiler Al, of course, there were people. They, 11:34they found people taking their fake tokens and trying to 11:37use them just I think within 48 hours of putting 11:39them out there. 
So, you know, there are some malicious 11:42entities who are aware of this vulnerability. I want to 11:45start by asking the question of, of, of why are 11:48people so willing to paste confidential code and data into 11:52a public tool with unproven security controls? Brian, you left, 11:58which means I'm gonna throw it to you first. What 12:00are your thoughts here? It's quick and easy. I feel 12:04like as human beings, we are simple creatures. It's a 12:08quick and easy thing. I don't necessarily, I guess, understand, 12:14like the formatting. I know there was a lot in 12:16the article talking about like beautifying the code, prettifying the 12:20code, but at the end of the day, that tool 12:24does what people are looking for to do quickly and 12:26easily. So of course it's going to be a perfect 12:29place to set up an attack. I'm wondering though, if 12:33these tools have any kind of responsibility to shore up 12:36their defenses. I want to ask you, Dave, do you 12:39think that this is something that we can put some 12:40of the blame on the Tools feed, or is it 12:42really just like developers stop doing this. What are your 12:45thoughts? No, I think you can always put some of 12:47the blame on the, on the Tools feed. I mean, 12:49it's, it's, it's not always the developers and we do 12:52have a bad habit of blaming developers when something goes 12:54wrong and, you know, damaging the reputation, like we talked 12:58about a few minutes ago, you can't always look at 13:02the developer and say, hey, I know what you're doing 13:05here. You're sending out these. The tool is just making 13:08it pretty. It doesn't work that way. There's some blame 13:13to go around. It's not one person, it's not one 13:18tool, it's both. They have to have to be able 13:20to work together. You've got to be able to work 13:22with your machinery in order to create the cognitive. Yeah, 13:25absolutely. So I think it can come down to just 13:29as simple as an sop, right. 
What is your process 13:33and procedures say when you're developing code? What are the 13:36tools you're able to use? And if you're able to 13:39use those tools, what types of data are you able 13:42to include on those platforms? And you know, maybe nine 13:47times out of ten, I'm just throwing out a statistic 13:49I'm not really necessarily confident in. But you know, maybe 13:54it's just as simple as that. What does your SOP 13:56say about how you develop and share code? And what 14:00are those specific data sets that you're able to do 14:04on those platforms? And it may be as simple as 14:07that. I mean, there may be more complexity to it, 14:09but sometimes that's all it is. Absolutely. And I think 14:13it does start to raise too though, you know that 14:16there's always this kind of, I don't call it a 14:18phantom issue of shadow it. Right. You can tell people 14:21what they are or aren't allowed to use. Some people 14:24don't always listen. Right. And I think especially in kind 14:26of like an AI era, we're seeing a lot more 14:28shadow it and shadow AI kind of pop up. And 14:32so I'm wondering, right, you know, you kind of, you 14:33can set some, some rules around what people can or 14:36can't use, but there's always going to be people who 14:37maybe skirt the rules or whatever. I don't know, is 14:40there anything you can do about that or shadow it? 14:42Just something we're destined to deal with and I'm going 14:46to throw it to you. Dave, actually I want to 14:47see if you have some thoughts here. I feel attacked 14:50here. I just feel like you're the guy most likely 14:53to have some ideas about shadow it. You know, shadow 14:57it, it's a double edged sword. This can be a 15:00good thing, it can be a bad thing. Companies don't 15:03want you going to certain places on their equipment. This 15:08is my laptop does not belong to me. I can't 15:12Just go out and visit whatever side I want. And 15:16in doing that, the shadow, it is not a bad 15:19thing. 
I mean, I would much rather know that when 15:22I come in here in the morning and turn this 15:24thing on that it's going to work properly and it's 15:27not going to be broken because of some website that 15:29I visited. I didn't get a token that's that a 15:33bad guy planted on a website. And now I can't 15:37get to, you know, my self evaluation. I just brought 15:41that up because they're due. Yeah. So I think that, 15:47you know, at the end of the day, people are 15:51always going to kind of. There's no accounting for peeps. 15:54You know, personal psychology, I guess, is what I would 15:57kind of come down to. And, and I've said this 15:59so many times on the show, people have said this 16:00so many times on the show. So much of security 16:03is just kind of dealing with that psychology and just 16:06enabling people to make the best decisions in the situations 16:09that they're in. So let's move on to our Next 16:12story then. 200 companies breached in the Gainsite attack. Hackers 16:21compromised the customer support platform Gainsight to get access to 16:26Salesforce data through connected apps. Now, for me, the most 16:29interesting part of this particular attack is that the threat 16:32actors first got into Gainsight through that Sales Loft breach 16:36back in August, if folks remember that. So if you 16:38recall, you know, the Sales Loft breach involved hackers stealing 16:42some authentication tokens from the Drift chatbot and then using 16:46those to get into some connected Salesforce instances. Now, according 16:49to the hackers themselves, they initially breached Gainsight during this 16:54attack and then they used that access to move laterally 16:58into Gainsight's customers Salesforce instances a few months later. And 17:03the most striking thing for me off the bat is 17:06that long tail of this breach, right. 
We're talking about 17:09fallout from an attack that happened a few months ago, 17:12which, which, which seems like a complicated timeline to kind 17:14of deal with. Michelle, any thoughts on your end about 17:18what this, you know, how this timeline looks, how it 17:21complicates things for defenders? What's your take here? Yeah, absolutely. 17:24I mean, I think it's sort of a warning to 17:28when these types of events happen to sort of anticipate 17:32or expect a bit of a fallout and to be 17:35on guard and vigilant with this type of attack or 17:40compromise. It's just another fallout from targeting this type of 17:45ecosystem. Right. Where we now again have the proverbial domino 17:51effect across all of these organizations. Yeah, it's that ecosystem 17:55situation again, right. And it's kind of why I wanted 17:57to include that here because it's yet another example of 18:00like that software supply chain being kind of vulnerable and 18:03it being hard to get some visibility into that. And 18:06speaking of visibility, you know, Brian, do you have any 18:11thoughts on how organizations can kind of, I don't know, 18:13maybe gain some more insight into all these moving parts 18:16going on in, in their software supply chains or is 18:19it just kind of, I don't know, wait until something 18:21happens? Any takes there? I was reading a bit about 18:24like the tokens and that were affected in this attack 18:28or that were used and they're like the persistent permissions. 18:33I'm not really sure if that's something that you need 18:36for, for all of these that maybe that, that could 18:39be a huge issue because with those persistent permissions, that's 18:44just giving attackers the chance or the opportunity to go 18:48in there and exploit those. But I guess that's, that's 18:53the only thing I have on that. Well, I'm glad 18:54you brought that up. Right. 
Because I do think one 18:56of the important stories here is like this, this kind 18:58of, you know, system to system trust that we have 19:01sort of, you know, inherently it's like, hey, you know, 19:04we trust the, the SaaS vendor so we trust them 19:06to have this kind of persistent access, not necessarily thinking 19:09about what that access could do if it falls into 19:13the wrong hands. Right. Dave, how about you? I want 19:15to bring into the conversation any thoughts gain site attack 19:19on, on the sales loft breach. What's your take here? 19:22Any time that you have a breach, you're, you're going 19:25to have to sit back, you're going to have to 19:27evaluate where the breach came from and you're going to 19:29have to evaluate what that breach is going to touch. 19:33And you really do need to be in the mindset 19:36that it's going to touch everything because chances are it 19:40is. So if you're, if you're hosting gainsight like Salesloft, 19:45Salesforce, Gemini, Google, any of the big software chains, it's 19:52going to be touched. So you have to go through 19:54and you've got to work with all of those companies 19:56that you partner with to make sure that their software 20:01is secure and let them know, hey, we've been breached, 20:04that means you could possibly be breached. And unless someone 20:08completely rebuilds their network and their software connections and that's 20:13always going to be a problem. Absolutely. So it calls 20:16for like a more collaborative approach almost to this kind 20:19of stuff in terms of practicalities. I mean, I don't 20:23know, is There any way to foster more of that 20:25collaboration? Do we see enough of it right now? You 20:29know, I'm just going to kind of go around, I 20:30think the circle here and see what our thoughts are 20:33in terms of the state of this, you know, inter, 20:35organizational, interplatform collaboration. Michelle, I'll start with you. 
Do you 20:39think things are on the right footing for this stuff 20:41right now? Yeah, I mean, I guess we could always 20:43do better. There's definitely a lot of organizations and CERTs 20:47and ISACs and opportunities to share information where we can 20:53all benefit from. I think it's also a issue of 20:59having the right curated threat intelligence and knowing what to 21:04focus on because there's so much out there and something 21:07that may not seem as a big issue could be 21:10a very, well, a major issue for your organization based 21:15on your attack surface. So I think you can't put 21:19out all of the fires, especially the ones that aren't 21:22near your house, but you should definitely focus on the 21:24ones that are really close to your house, like next 21:26door. Yeah, it's a fine line, right? It's like these 21:30things, you know, they can, the attacks can ramify in 21:32very interesting ways. You can't expect, but you still need 21:35to like pay attention. You can't just assume that every 21:37single one's going to hit you. Right. And so, I 21:39don't know, it's a delicate balance. Brian, your take any, 21:42any thoughts there. To go along with what Michelle said? 21:45Just taking these threats seriously. I think that sometimes when 21:49organizations are willing to share their information, other organizations don't 21:54take it seriously. I mean, for example, if you tell 21:58your next door neighbor that, hey, you don't have a 22:00front door, you're, you know, your door is missing and 22:03they don't do anything about it and they get robbed. 22:07I mean, I think that's a frustrating thing in the 22:09world of security. I feel like Dave and Michelle will 22:12both agree to that. You need to take, take these 22:15things seriously when they arise. And like Dave said, do 22:19your due diligence and look at each and every part 22:23of your organization because like you said, chances are, it 22:26is affected. Fantastic. 
Then let's move on to our next 22:30story. The Android streaming devices that hijack home bandwidth for 22:36the bad guys. Now, security researcher Brian Krebs broke down 22:43the nefarious network of super boxes and other cheap IoT 22:47streaming devices, all for sale in legitimate stores and websites 22:52that secretly conscript consumers Internet connections from malicious activity. So 22:57at a high level, the scheme kind of works like 22:59this. The devices promise to, to let People stream various 23:03platforms for free and, and they, they make good on 23:06that. Subscript. Very sketchy apps. But the deal that you're 23:10making that you may not know as a consumer is 23:12these on the back end. These boxes are also using 23:16your home Internet connection as bandwidth for a proxy network 23:19that helps funnel traffic for botnets, shady content scrapers, and 23:23all kinds of malicious activity. Now, you know, most of 23:27our listeners are enterprise security folks and we often touch 23:30on enterprise security topics. So to start off this little 23:33story, I'm wondering, is there an enterprise angle to this 23:36risk or is this purely a consumer safety issue? And 23:39I'm going to start with you, Brian. Do you think 23:40this is something organizations need to be worried about or 23:43is it just, hey, consumers, watch what you're doing. Maybe 23:46a little bit about. I mean, I think everybody can 23:48take a lesson from this. It, to me, it's like 23:53if it's something that seems too good to be true, 24:03Absolutely. And I'm also kind of thinking about, you know, 24:05we were talking before about shadow it, and it's very 24:08easy for me to see, I don't know, somebody plugging 24:10this thing into the wrong network or, you know, I 24:12don't know, maybe you've got your company laptop on the 24:15same network as this thing and who knows what it's 24:17going to do, you know, So I think there's opportunity 24:21here to ramify. That's a great point. 
I feel like 24:23that's very much the case. When users have something like 24:26this at home, they're taking the work home. Now, a 24:29lot of us work from home at least a few 24:31days a week. So chances are, yes, if you have 24:33one at home, it's on the same network. Yeah. Side 24:35note, I said the word ramify like 12 times in 24:38this episode. Why do I keep saying that word? Okay, 24:40now one of the very interesting things to me about 24:44these devices is that they, they, they, they totally sidestep 24:48the kind of dark web distribution we're used to for 24:50a lot of malware. Right. You know, they're promoted by 24:53influencers on social media sites. Not big name influencers, but 25:04Now the retailers are rarely selling these things directly. Right. 25:07It's often third parties using their platform, but they're still 25:09there. Right. And you have a sort of element of 25:12trust in these things. And I'm thinking about how one 25:16of the most common tips we give people to avoid 25:19being scammed is only shop in legitimate stores. What happens 25:23when you're, you're shopping in a legitimate store and you 25:25buy one of these things? Michelle, any thoughts on how 25:27this complicates our defenses? Our anti phishing techniques, if you 25:30will? Yes, absolutely. So when I saw this article, I 25:34immediately sent it to my family because tis the season, 25:37right? Everybody's gonna go out and they're gonna be shopping 25:41and there's so many scams out there. So it's never 25:44too early to be warning about that, so. Exactly. I 25:49was thinking the same thing. Right. You have these trusted 25:53vendors, whether it's brick and mortar or online, but they're 25:57selling these products that shouldn't be trusted. But it's not 26:00too far of a leap to go from trusted vendor 26:03to trusted product. But we see this across all types 26:06of industries. 
[26:06] So you know, pharmaceutical, food industry: if you go into your favorite supermarket and you buy something, it could be expired; you might go into your favorite restaurant, there could be, you know, food that gives you food poisoning. So, but you know, these are trusted providers across many different industries, and, but you know, it's a similar concept with this box that could be sold at your favorite store, online or otherwise, and they're not to be trusted. So again, it comes back to awareness. Absolutely.

[26:37] Dave, your take on this whole scheme, any thoughts? I would never buy one of these. Not to say that there may be one in the living room, I don't know. But seriously, I don't know how many people have gone to Amazon and actually looked at "sold by." Everyone thinks that when they go to Amazon they're buying it from Amazon. That's not necessarily the case. Like you were alluding to earlier, Best Buy does the same thing. You can go onto the Best Buy website and you can buy something that's actually not sold in the store. So the trust... be very wary about trusting Amazon when it's sold by someone else. Amazon is just a distribution platform for them. As far as having it on your network with your work machine, I mean, yeah, you probably shouldn't do that, but if you do, what's anyone actually going to do about that? Is IBM going to call me and say, hey, we noticed you have a SuperBox on your network? The first question that's going to come out of my mouth is, what are you doing scanning my network? The trust has to be there. And you can't go by where something's purchased from to gain the trust. Yeah, these boxes really don't have a place in the home. And I understand why people get them. They can't afford Netflix. Well, Netflix is $7.99. Cough up the 8 bucks.
[28:09] Don't go buy one of these SuperBoxes. You really are putting yourself, your network, your family at risk by doing this, because you're opening up this gigantic door that someone doesn't even have to, you know, you don't have to be, you know, 4 foot 9 to walk through it. You can walk through it as a seven foot tall giant. It's there. And so don't do that. That's my answer to that. Don't do that. It's what I used to tell my kids. Well, that burns. Well then don't do that. You heard it here, folks, just don't do it.

[28:41] But no, but I'm glad you brought up that buzzword, trust, right? It's been in like all of our conversations today. And it's like the through line, right? How, like, at the end of the day you can't really use something like, you know, what's the name of the website as a proxy for trust, or, like, who developed the thing, right? Like, you have to do your due diligence as the individual, whether you're a developer, consumer or whoever. You got to make sure the stuff that you're plugging in is safe. And, you know, that can be tough, but you can't just rely on it being Amazon. How would the organization even know that this thing is on your network? And that raises the question for me of, like, is there really... there's, I guess, nothing that an organization can kind of do, right, like, short of surveilling people. I'm probably getting into territory that's going to get this part cut. But I just need to ask the question, you know, is it just kind of like, hey, you know, tell your workers not to buy these kinds of things and then just cross your fingers and hope that they don't? Is that the extent of our defenses here? It's about the only thing you can do.
[29:43] You can't stop Joe Public from buying one of these, or Joe IBM from buying one of these and putting it on their network. You can say, don't buy one of these. It's dangerous to the network, or it might be dangerous to our machinery, but in the end, I'm paying for my Internet access. I'm paying for my network access. If something happens to an IBM product, the machine that I'm using, okay, then maybe I should be held responsible for that. But as far as putting it on my network, I don't really see a case where any company would be able to say, don't do that, or you can't do that, I should say. Absolutely.

[30:19] Brian, I saw you nodding. Do you have anything to add there? Yeah, exactly what Dave said. You can tell people not to do something, but at the end of the day, it's their prerogative. They pay for their Wi-Fi, they pay for their power. If they want to connect something in their home and be at risk, then that's up to them. I will touch on what Dave said about just going out and purchasing Netflix. I think what makes these things so attractive in today's world is that you can't just have Netflix anymore. You have to have HBO and you have to have Hulu and Disney, and you have to have Amazon and you have to have Paramount. And I feel like the list keeps getting longer and longer every time I want to watch a show. Sometimes I feel like halfway through a season, I have to switch to another streaming service. It seems to be getting a little ridiculous. So paying one price to have access to everything is awesome, but I feel like we also need to use that, I don't know, just your gut instinct.
[31:18] Like Michelle was saying, like, you can go off to the store and purchase something, but if it looks bad or maybe seems like it's expired and you don't feel great about putting it in your cart, just don't do it. I read that you have to rip out, essentially rip out the Google Play Store to get this to work. That should probably be like, huh, maybe at least get you thinking that this might not be the best idea. But honestly, I do see the attractiveness in this and, like, the desire to want one of these. I actually recently thought about, like, oh, could I build one myself? That's a little bit safer. Like, because, I mean, it is awesome. Like, who would not want to have access to this?

[32:04] That's part of what makes it such a good scam, though, right? Like, it promises to address, like, a real pain point that people... Look, we've all been there, man. We've all been like, how did they reinvent cable? But, like, you know, it addresses, it claims to address a real pain point. It just does so in a really shady, sketchy way. And, you know, I'm just glad that you both brought up this fact that, like, I think sometimes you have a tendency to feel like in the name of security, we have to kind of go a little further than we really should in terms of what we tell people to do or what we allow them to do. At the end of the day, hey, you have to recognize that there's a separation, and that, you know, people are people, and what they do on their home networks, you don't have a right as an organization to touch on that.
[32:44] Zooming out, though, I want to talk a little bit about what this says about the kind of state of IoT security, because I feel like for as long as I've been around, people have been saying IoT

[33:02] up to everything else? Yeah, because I think a lot of them are in the hands of just everyday people. All of those devices that are just open to the Internet, that are just food for botnets. Yeah, we've been tracking that for a long time. I don't know. But, you know, it kind of likens to this previous story about the box. I think there is something to be said about individuals taking ownership of their own personal security that then has an impact in what they do in their workplace. So if they're taking ownership of that and doing, you know, what is best for themselves personally and their own home environment, then that would, I would imagine, have some sort of positive impact on what they do in the workplace. Because it's all about kind of just thinking about it. Right. Just taking a minute to just stop and think about it. Is this the right decision? Am I making the right choice? And I know that's difficult to do, because you have to apply that to so many things in your life; now you have to do it, you know, as it relates to cybersecurity. But I do think there could be impact there if you just stop and think, is this going to impact me in some negative way? And I'll just say real quick that I had a conversation with a friend over the weekend where her family members had experienced some fraud, and it kind of led back to not having MFA enabled. And it's like, that is something we've talked about so much, right? And now they know. I'm sure MFA is now enabled across everything that can possibly have MFA, but they had to experience that compromise first to know that.
[34:46] But wouldn't it be great if they did it... Absolutely. And yeah, ever since we've started this podcast, actually even before that, ever since I got into the security world, I just yell at all of my friends and family to make sure they have many factors of authentication. But I like that, that's a nice, positive kind of end to this segment. You know, if people kind of, you know, practice security in their personal lives in good ways, that shows up elsewhere. Right. And that can have those, you know, effects on your corporate security too. I do not own one of those, by the way. No, Dave, we know, we know that people would never, ever do anything sketchy in any way, shape or form. You're an upstanding gentleman.

[35:28] Moving on to our last story of the day, Malicious poems break AI guardrails. Now, I saw this and I had to put it on the show because, as people probably do not know, outside of my day job as a podcaster, I am a poet. And so the one time I'm allowed to talk about poetry on this podcast, I will do it. In a paper titled "Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models," researchers from DEXAI, Sapienza University of Rome and Sant'Anna School of Advanced Studies share that phrasing malicious prompts as poems instead of direct instructions is a remarkably effective way to break guardrails on 25 different models, including all the big ones. Your Geminis, Grok, your ChatGPTs, Anthropic, DeepSeek, they all kind of fell for this thing. The researchers' original poems, you know, when they wrote, like, malicious poems with their own two hands, achieved an overall attack success rate of 62%.
[36:30] And if they took some prose malicious prompts and fed them to machines and had them turned into poems, they still had a success rate of 43%, which is pretty high. So I just want to start with initial takes from people. What do you think about using poems to break the AI systems? Dave, let's start with you. Any thoughts here?

[36:49] I am always looking for a way to break the guardrails on AI. Not because I want to do anything malicious, but because I want to see, you know, test the security of the AI that I'm using. Gemini: 100% success rate when using this prose. ChatGPT: 0 to 10%. Which one am I going to trust more? I'm going to go with ChatGPT if it's something that I need to establish trust with. I think it's brilliant to use poetry to get this guardrail off of these things. I really don't want to see it in the AI that I'm using, so I'm going to lean more towards the ones that are more secure. And if I want to try it myself, I'll write a poem and stick it in Gemini.

[37:35] Brian, I want to get your take. Any thoughts here on your end? Yeah, I honestly think that this is setting up for the great backdrop for a movie where a special team needs to acquire, like, the best poet in the future when AI has taken

[38:01] No, on a serious note, I think it's just interesting how people are constantly finding new ways to jailbreak these AI systems, these LLMs. I don't know where I read it before, but somebody said or told me that it's more of an art when dealing with these and when trying to jailbreak them, especially when new models come out, because one that was better defended against a prompt like this, now with the new model might not be so, because of reasons that people aren't sure of. But like Dave, I'm always trying to find new ways to jailbreak these as well before I start
[38:44] using one that I want to, I guess, want to choose as my daily driver. Yeah, I'm always trying to jailbreak these in different ways, so it's super interesting. Absolutely.

[38:56] Michelle, let's bring you in here. Any thoughts on this tactic? Yeah, I mean, obviously very creative, right? So we can throw poems at it. We can throw maybe rap songs, other genres of music, creative language. Yeah, let's keep doing that. I think, as Dave and Brian both said, we need to make sure that we're training and leveraging models that can't get jailbroken. So the only way to do that is to jailbreak it. Right. To continue to improve upon the models and the versions. Trust but verify. Trust but verify. Ooh, that's good.

[39:33] And you know what? That's a perfect way to end the episode, because that is all the time we have for today. I want to thank our panelists, Michelle and Dave and Brian, and thank the viewers and the listeners, of course. As always, subscribe to Security Intelligence wherever podcasts are found. Stay safe out there, and don't let anyone tell you that poetry degree was useless. You finally have a reason for it.

[39:54] Now, a sneak peek of our latest Security Intelligence audio-only bonus episode, "Trawling the Honeypot: What It's Like to Discover a New Malware Strain." They call it a honeypot. A fake computer system set up to attract cybercriminals just like bees to honey. The purpose is twofold. First, if they're busy attacking a dummy system, they won't be attacking your real assets. Second, while they're poking around in your digital terrarium, you can watch them, learn from them, see what they're up to in a safe, controlled environment. I understand where the name comes from. Honeypot, as in something enticing. But to me, they look more like Superfund sites.
[40:38] Pits into which all the Web's toxic sludge flows. Grease traps more than honey traps. But if you've got the guts to dig through that sludge, you can find things, valuable things, things that help security pros and everyday people protect themselves from that poison. I'd say diamonds in the rough, if we weren't actually talking about malware.

[41:00] Okay, so, hi, I'm Raymond Joseph Alfonso. I am a malware reverse engineer for the IBM X-Force Threat Intelligence team. Raymond is one of those people with guts. As a malware reverse engineer, he spends a lot of time working directly with some very dangerous code. Malware analysis is really exciting because you don't really know what you're going to get this time. And I also find it kind of fulfilling because sometimes I'm also learning new things. The only downside that I can think of is sometimes it gets real stressful. You know, Raymond is in the malware pit every day, by which I mean a fake inbox meant to solicit phishing emails and assorted other evils. It was there not too long ago that one junk email caught his eye. When I was doing my research, I saw this one email. I decided to investigate it further, and then I saw that it was delivering different payloads every time. QuirkyLoader. That's what this thing came to be known as. Raymond still can't say for sure why this particular email stood out. As far as spam goes, it was fairly nondescript. But I don't know, call it his spidey sense. Something triggered an alarm. So he started to dig in, and what he found was far from nondescript. A malware loader combining both tried and true tactics and some new tricks for evading detection. As they always say, cybersecurity is a cat and mouse game. And I think it will always be like that until the end of time.
[42:40] So we should always try to stay on top of the current malware trends in order for us to effectively protect others from those threats. Listen to the full episode wherever podcasts are found.