New ‘Sleepy Pickle’ exploit puts ML models at risk


SISA Weekly Threat Watch – our weekly feature brings to you a quick snapshot of all the major security vulnerabilities that posed a threat to organizations worldwide. These recurring actionable threat advisories will also provide information and recommendations that will help security teams take appropriate actions to defend against the latest and critical threats.

1. Sleepy Pickle: A new threat to machine learning model security

The security risks associated with the Pickle format have resurfaced with the identification of the ‘Sleepy Pickle’ exploit technique, which compromises machine learning (ML) models by leveraging Pickle’s capability to execute arbitrary code upon deserialization. This poses a significant supply chain threat to downstream customers. The attack involves inserting a malicious payload into a Pickle file, delivered through methods such as Adversary-in-the-Middle attacks, phishing, or supply chain compromise.

Once deserialized, the payload can alter ML models by inserting backdoors, controlling outputs, or tampering with data. This stealthy attack can evade traditional security measures, affecting broader ML ecosystems. Organizations are advised to load models only from trusted sources, use signed commits, and consider converting models to serialization formats that do not rely on Pickle, such as those used by TensorFlow or Jax.
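The risk described above comes from Pickle resolving and calling arbitrary importable names while a file is being loaded. The following is an added defensive illustration, not code from the SISA advisory or from the Sleepy Pickle research: it combines an allow-list unpickler (which refuses any global not explicitly permitted, so deserialization stops before a REDUCE opcode can invoke anything) with a static scanner that lists the globals a file would import without executing it. The allow-list contents, function names and the sample byte strings are this example's own constructions.

```python
"""Allow-list loader and static import scanner for pickle-based model files.

Added illustration; not code from the SISA advisory or the Sleepy Pickle
research. The allow-list and all names here are this example's assumptions.
"""
import collections
import io
import pickle
import pickletools
from typing import List, Tuple

# Hypothetical allow-list: the only (module, name) globals a model file may
# reference. A real deployment lists the framework classes it actually needs.
SAFE_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global that is not on the allow-list.

    pickle calls find_class for every GLOBAL / STACK_GLOBAL opcode, so raising
    here stops deserialization before a following REDUCE can call anything.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"blocked global {module}.{name}: not on the allow-list")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_blocked(data: bytes) -> bool:
    """True if the allow-list loader refuses the pickle."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def scan_globals(data: bytes) -> List[Tuple[str, str]]:
    """List every global the pickle would import, without executing it.

    Walks the opcode stream with pickletools, so it is safe on untrusted
    input. STACK_GLOBAL (protocol 4+) takes module and name from the two
    preceding string pushes, which may come back from the memo via *GET, so a
    minimal memo of pushed strings is kept (enough for pickler-produced files).
    """
    found, strings, memo = [], [], {}
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                 # protocol 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":         # protocol 4+: module, name on stack
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
            else:
                found.append(("<unknown>", "<unknown>"))
        elif op.name in STRING_OPS:
            strings.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = strings[-1] if strings else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = strings[-1] if strings else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            strings.append(memo.get(arg))
    return found


def suspicious_globals(data: bytes) -> List[Tuple[str, str]]:
    return [g for g in scan_globals(data) if g not in SAFE_GLOBALS]


# Constructed sample 1: a benign "model" of plain weights (no globals at all).
BENIGN = pickle.dumps({"layer1.weight": [0.1, -0.2, 0.3], "bias": [0.0]})

# Constructed sample 2: an allow-listed class, protocol 4, exercising STACK_GLOBAL.
ALLOWED_CLASS = pickle.dumps(collections.OrderedDict([("w", [1.0])]), protocol=4)

# Constructed sample 3: hand-built protocol-2 stream: GLOBAL os.getcwd, BINPUT,
# EMPTY_TUPLE, REDUCE, BINPUT, STOP. A plain pickle.loads would call os.getcwd()
# (harmless here) purely as a side effect of loading; that GLOBAL + REDUCE shape
# is exactly what the allow-list loader refuses and the scanner reports.
SUSPICIOUS = b"\x80\x02cos\ngetcwd\nq\x00)Rq\x01."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("allowed", ALLOWED_CLASS),
                        ("suspicious", SUSPICIOUS)]:
        print(label, "globals:", scan_globals(blob), "blocked:", is_blocked(blob))
```

Run the scanner on a downloaded file before any load call; the allow-list loader is the second line of defence for the load itself. Neither replaces loading from a trusted, signed source, and a format that does not execute code on load removes the problem entirely.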

2. ASUS alerts users to critical vulnerability in 7 router models

ASUS has released critical firmware updates addressing multiple vulnerabilities in various router models. CVE-2024-3080 allows remote attackers to bypass authentication and take control of affected devices, impacting models like ZenWiFi XT8 and RT-AX88U. CVE-2024-3079 requires admin access for exploitation, while CVE-2024-3912 permits arbitrary firmware uploads on DSL models.

Users are urged to update their routers to the specified versions to mitigate these risks, especially since some models are end-of-life and will not receive updates. Additionally, ASUS updated Download Master to fix medium- to high-severity issues; users should upgrade to version 3.1.0.114 or later, set strong passwords, and disable unnecessary remote access features.

3. DISGOMOJI: The cyber spy tool evading detection with emojis

A new Linux malware named ‘DISGOMOJI’ has been discovered targeting Indian government agencies, attributed to a Pakistan-based threat actor identified as UTA0137. This sophisticated malware uses Discord and emojis for command and control, enabling it to evade traditional security measures that scan for text-based commands. The malware processes commands indicated by emojis, signaling command processing with a “Clock” emoji and completion with a “Check Mark Button” emoji.

DISGOMOJI, found in a UPX-packed ELF executable within a ZIP archive likely distributed via phishing emails, downloads additional payloads upon execution and exfiltrates system information to attackers. It achieves persistence through an @reboot cron entry and can spread laterally to steal data and capture credentials. To mitigate risks, it is recommended to regularly update and patch systems, enhance email security, implement network segmentation, and monitor traffic for unusual outbound connections.
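The @reboot persistence mechanism mentioned above is easy to audit for. The following is an added illustration, not code from the SISA advisory or from the DISGOMOJI analysis: a small crontab parser that lists @reboot entries and, as a heuristic that is this example's own assumption rather than an indicator from the advisory, flags those whose executable lives under a temporary, home or hidden directory. The sample crontab text is constructed for the example.

```python
"""Audit crontab text for @reboot persistence entries.

Added illustration; not from the SISA advisory or the DISGOMOJI analysis.
The sample crontab and the path heuristic are this example's constructions.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, in the shape of `crontab -l` output for one user.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
@reboot /home/user/.cache/.x/update >/dev/null 2>&1
@daily /usr/local/bin/backup.sh
@reboot /usr/sbin/service nginx start
"""


@dataclass
class CronEntry:
    schedule: str
    command: str
    line_no: int


def parse_crontab(text: str, has_user_field: bool = False) -> List[CronEntry]:
    """Parse crontab lines into entries.

    has_user_field=True handles the system crontab layout (/etc/crontab and
    /etc/cron.d/*), which carries a user name between schedule and command.
    """
    entries = []
    extra = 1 if has_user_field else 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue  # blank line, comment, or VAR=value assignment
        if line.startswith("@"):                      # @reboot, @daily, ...
            parts = line.split(None, 1 + extra)
            if len(parts) < 2 + extra:
                continue
            entries.append(CronEntry(parts[0], parts[-1], n))
        else:                                         # five time fields
            parts = line.split(None, 5 + extra)
            if len(parts) < 6 + extra:
                continue
            entries.append(CronEntry(" ".join(parts[:5]), parts[-1], n))
    return entries


def reboot_entries(text: str, has_user_field: bool = False) -> List[CronEntry]:
    return [e for e in parse_crontab(text, has_user_field) if e.schedule == "@reboot"]


# Heuristic (an assumption of this example): executables under temp
# directories, under a home directory's hidden folders, or under any hidden
# directory are unusual for legitimate @reboot jobs and deserve review.
SUSPICIOUS_PATH = re.compile(r"^(/tmp/|/dev/shm/|/var/tmp/|/home/.*/\.|.*/\.[^/]+/)")


def flag_suspicious_reboot(text: str, has_user_field: bool = False) -> List[CronEntry]:
    flagged = []
    for e in reboot_entries(text, has_user_field):
        exe = e.command.split()[0]
        if SUSPICIOUS_PATH.match(exe):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in reboot_entries(SAMPLE_CRONTAB):
        print(f"line {e.line_no}: @reboot -> {e.command}")
    for e in flag_suspicious_reboot(SAMPLE_CRONTAB):
        print(f"REVIEW line {e.line_no}: {e.command}")
```

To apply it on a host, feed the function the output of `crontab -l` for each user and the contents of /etc/crontab and /etc/cron.d/* (with has_user_field=True for the latter two); the point of the heuristic is to shorten the review list, not to decide on its own.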

4. Malicious campaign uses trusted sites to distribute BadSpace backdoor

Compromised legitimate websites are being used to distribute the Windows backdoor named BadSpace, masquerading as fake browser updates. The attack starts with a compromised website, often built on WordPress, injecting malicious code to collect user details on their first visit. This information is sent to a server, which responds with a fake Google Chrome update pop-up that delivers the malware or a JavaScript downloader to install BadSpace.

BadSpace includes advanced features like anti-sandbox checks, persistence mechanisms, and information harvesting, with capabilities such as taking screenshots, executing commands, and manipulating files. To mitigate risks, regularly update systems, implement strong website security measures, educate users about phishing and fake updates, and deploy comprehensive endpoint protection solutions.

5. Oyster backdoor distributed via trojanized software installers

A recent malvertising campaign is exploiting trojanized installers of popular software like Google Chrome and Microsoft Teams to deliver a backdoor named Oyster. This involves lookalike websites that host malicious payloads, redirecting users from search engines to fake sites. Users end up downloading malware instead of the intended software, initiating a backdoor infection chain. The malware, linked to the Russia-affiliated ITG23 group, gathers system information, communicates with a command-and-control server, and facilitates remote code execution.

After execution, the legitimate software, such as Microsoft Teams, is installed so that the download appears genuine. This campaign also coincides with other cyber threats, including email phishing campaigns by Rogue Raticate using PDF decoys to deliver the NetSupport RAT and the rise of the ONNX Store, a phishing-as-a-service platform. To mitigate risks, verify software sources, keep systems updated, educate users on security practices, and enable multi-factor authentication.

To get daily updates on the critical vulnerabilities being exploited by threat actors, subscribe to SISA Daily Threat Watch – our daily actionable threat advisories.
