Exposed HuggingFace API tokens, Hacks on US and UK govt, MS news - 

Dec 3-10, 2023 - F5 SIRT - This Week in Security

Editor's introduction 

Hi there, Arvin is your Editor for This Week In Security, covering 3 to 10 December 2023. This week, we look at news on Exposed Hugging Face API tokens, Microsoft's glass storage project Silica, end of Windows 10 support announcement, hacks on US and UK governments.

Here's my quick run through of the week's security news.

Researchers found HuggingFace API tokens of large organizations models are hard coded in HuggingFace and Github repositories. These API tokens have write permissions and can be used to Poison Training Data, push vulnerable components such as in supply chain attacks and theft of proprietary models. The affected organizations with exposed API tokens have millions of downloads and have potential wide spread impact to developers who downloaded their LLMs. Huggingface and affected organizations have revoked the exposed API tokens and made necessary changes to address the reported exposure. Hugging Face recommends users to not publish any tokens to any code hosting platform.

I spent some time watching Microsoft's glass storage project presentation, Silica, and we really are nearing the future. I remember there was a movie some time ago where memories are stored in glass media. This project, in my view, is pretty similar. MS is working on writing (thru Ultrafast femtosecond lasers) layers of archival data - Voxels encode multiple bits of data and are written in 2D layers across the XY plane - into a (quartz) glass platter. These glass platters are stored at rest with no consumption of electricity and makes it a sustainable and durable archival solution, will be available in Azure Cloud for now, per MS. data written to the glass media cannot be overwritten during reading as it only requires regular light with polarization-sensitive microscopy and it does not have enough power compared to Ultrafast femtosecond lasers during writes, thus achieving true airgap by design for the storage media. This also means it will be harder for threat actors and  malware to target the data written in the glass media such as in ransomware attacks.

Security support for Windows 10 will end on October 14, 2025. Organizations do not typically abandon deployed operating systems just because it ended support. There are many factors, however, mostly it would be business continuity and cost. MS will offer Extended Security Updates (ESU) for Windows 10 systems thru a paid subscription till 2028.

 A couple of hacks happened during the week, one is a ransomware attack on a 3rd party provider service provider that affected 60 US credit unions. The entry point of the ransomware attack was believed to thru the CitrixBleed vulnerability. A nuclear power plant in the UK, Sellafield nuclear complex, was thought to have been compromised by threat actors since 2015 with sleeper malware embedded in critical systems compromising info on movement of nuclear materials and safety. the UK govt denies the hack but recognizes improvements are needed to further secure the facilities. Various intelligence agencies have released a security advisory on CyberAv3ngers, an Islamic Revolutionary Guard Corps (IRGC)-affiliated group, has been "actively targeting and compromising" Unitronics Vision Series PLCs of U.S. Water and Wastewater Systems Facilities. CISA urged organizations to "don't expose PLCs to the open internet, and don't use default passwords."

These security news are a reminder to us, defenders, to secure access to critical systems, allow only expected networks and authenticated trusted users, keep these systems up to date, clean up code repositories of authentication tokens and implement least privilege access. Implement and improve security checkpoints/processes to prevent potential compromise.    

We covered a wide range of Security News on various technologies and I hope these have been educational and informative. 

The F5 SIRT creates many security related content posted here in DevCentral sharing the team's security mindset and knowledge . Feel free to view the articles that are tagged with the following:

 F5 SIRT series-F5SIRT-this-week-in-security TWIS

Exposed Hugging Face API tokens offered full access to Meta's Llama 2

The API tokens of tech giants Meta, Microsoft, Google, VMware, and more have been found exposed on Hugging Face, opening them up to potential supply chain attacks. 

Researchers at Lasso Security found more than 1,500 exposed API tokens on the open source data science and machine learning platform – which allowed them to gain access to 723 organizations' accounts.

In the vast majority of cases (655), the exposed tokens had write permissions granting the ability to modify files in account repositories. A total of 77 organizations were exposed in this way, including Meta, EleutherAI, and BigScience Workshop - which run the Llama, Pythia, and Bloom projects respectively.

The three companies were contacted by The Register for comment but Meta and BigScience Workshop did not not respond at the time of publication, although all of them closed the holes shortly after being notified.

"The ramifications of this breach are far-reaching, as we successfully attained full access, both read and write permissions to Meta Llama 2, BigScience Workshop, and EleutherAI, all of these organizations own models with millions of downloads – an outcome that leaves the organization susceptible to potential exploitation by malicious actors,"

‍"The gravity of the situation cannot be overstated. With control over an organization boasting millions of downloads, we now possess the capability to manipulate existing models, potentially turning them into malicious entities. This implies a dire threat, as the injection of corrupted models could affect millions of users who rely on these foundational models for their applications."

Following publication, Hugging Face sent a statement from Clement Delangue, co-founder and CEO at the company:

"The tokens were exposed due to users posting their tokens in platforms such as the Hugging Face Hub, GitHub, and others. In general we recommend users do not publish any tokens to any code hosting platform.

"All Hugging Face tokens detected by the security researcher have been invalidated and the team has taken and is continuing to take measures to prevent this issue from happening more in the future, for example, by giving companies more granularity in terms of permissions for their tokens with enterprise hub and detection of malicious behaviors. We are also working with external platforms like Github to prevent valid tokens from getting published in public repositories."

https://www.theregister.com/2023/12/04/exposed_hugging_face_api_tokens/

https://www.lasso.security/blog/1500-huggingface-api-tokens-were-exposed-leaving-millions-of-meta-llama-bloom-and-pythia-users-for-supply-chain-attacks

Microsoft inches closer to glass storage breakthrough that could finally make ransomware attacks impossible in the data center and hyperscalers — but only Azure customers will benefit from it

The technology is strikingly similar to ceramics-based storage and may replace current day technology soon

Microsoft has released a paper for the widely-anticipated glass-based storage technology it's backing to replace the conventional technology that's fitted into the best hard drives and best SSDs out there today.

The 16-page academic paper, presented at the 29th ACM Symposium on Operating Systems Principles, outlines the principles behind the company's plans to build a longlasting and highly efficient storage systems.

Made from quartz glass, the storage units will be primed for use in the cloud – which means Azure customers will be the first to benefit, and likely the only ones to benefit so long as the technology is embryonic in nature.

https://www.techradar.com/pro/microsoft-inches-closer-to-glass-storage-breakthrough-that-could-finally-make-ransomware-attacks-impossible-in-the-data-center-and-hyperscalers-but-only-azure-customers-will-benefit-from-it

https://www.microsoft.com/en-us/research/project/project-silica/

https://www.microsoft.com/en-us/research/blog/project-silica-sustainable-cloud-archival-storage-in-glass/

Microsoft issues deadline for end of Windows 10 support – it's pay to play for security

Limited options will be available into 2028, for an undisclosed price

Microsoft on Tuesday warned that full security support for Windows 10 will end on October 14, 2025, but offered a lifeline for customers unable or unwilling to upgrade two years hence.

"While we strongly recommend moving to Windows 11, we understand there are circumstances that could prevent you from replacing Windows 10 devices before the EOS [end of support] date," explained Jason Leznek, a member of Microsoft's Windows Servicing & Delivery team, in an statement. "Therefore, Microsoft will offer Extended Security Updates."

Extended Security Updates (ESU) will keep Windows 10 systems functioning and notionally secure after the operating system's expiration date – but not for free.

As with the Windows 7 ESU program – which ended on January 10 – Windows 10 diehards will have the option to pay an as-yet-undisclosed yearly subscription fee to continue receiving monthly security updates for up to three years beyond the end-of-service date.

https://www.theregister.com/2023/12/06/microsoft_windows_10_security/

Scores of US credit unions offline after ransomware infects backend cloud outfit

Supply chain attacks: The gift that keeps on giving

A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor.

This is according to the National Credit Union Administration, which on Friday told The Register it is fire-fighting the situation with the credit unions downed this week by the intrusion. The NCUA regulates and insures these financial orgs.

"I can confirm that approximately 60 credit unions are currently experiencing some level of outage due to a ransomware attack at a third-party service provider," the NCUA spokesperson said. "Member deposits at affected federally insured credit unions are insured by the National Credit Union Share Insurance Fund up to $250,000."

We're told the unions' IT provider Ongoing Operations – ironic – was hit by ransomware on Sunday, sparking days of disruption for the biz's clients. It's believed the cloud provider was infiltrated via the Citrix Bleed vulnerability.

On Thursday, northern New York's Mountain Valley Federal Credit Union appeared to be one of the many orgs suffering "system downtime" as a result of a ransomware infection at Ongoing Operations. Mountain Valley's CEO described it as a "nationwide" issue. MVFCU has four branches in New York state.

"It has been brought to our attention by our data processor – FedComp Inc, that the third-party vendor of our computer operating system 'Trellance' was the victim of a ransomware attack," boss Maggie Pope said [PDF] in a letter to her credit union members. 

(FedComp had posted a note, since removed, on its website confirming it had been caught up in the aftermath of the ransomware attack: "The FedComp Data Center is experiencing technical difficulties and is under a countrywide outage. We are down with no ETA, but Trellance is still working on resolving the issue. There is no email support, but the Tech line is available.")

https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/

UK government denies China/Russia nuke plant hack claim

Report suggests Sellafield compromised since 2015, response seems worryingly ignorant of Stuxnet

The government of the United Kingdom has issued a strongly worded denial of a report that the Sellafield nuclear complex has been compromised by malware for years.

The report, appearing in The Guardian, claimed that the controversial complex was hacked by "cyber groups closely linked to Russia and China," with the infection detected in 2015 but perhaps present before that year.

The report claimed that "sleeper malware" was embedded in unspecified systems, potentially compromising info on movement of nuclear materials and matters related to safety.

A UK government statement insists "We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian," adding "Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system."

"All of our systems and servers have multiple layers of protection," reads one of the rebuttal's bullet points. Another adds "Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these."

The Guardian's report mentioned infections in "IT systems" and malware "embedded in Sellafield's computer networks."

But it is not clear if those systems and networks are isolated, per the government response.

https://www.theregister.com/2023/12/05/uk_government_denies_sellafield_hack_claim/

US warns Iranian terrorist crew broke into 'multiple' US water facilities

There's a war on and critical infrastructure operators are still using default passwords

Iran-linked cyber thugs have exploited Israeli-made programmable logic controllers (PLCs) used in "multiple" water systems and other operational technology environments at facilities across the US, according to multiple law enforcement agencies .

In a take-out-the-trash-time release on Friday night security advisory, the FBI, National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Environmental Protection Agency (EPA), plus the Israel National Cyber Directorate (INCD) warned that CyberAv3ngers, an Islamic Revolutionary Guard Corps (IRGC)-affiliated group, has been "actively targeting and compromising" Unitronics Vision Series PLCs, since at least November 22.

The US designated the IRGC as a foreign terrorist organization in 2019.

But the gang did not need sophisticated tactics to run this attack: the joint advisory suggests Cyberav3ngers likely broke into US-based water facilities by using default passwords for internet-accessible PLCs.

https://www.theregister.com/2023/12/04/iran_terrorist_us_water_attacks/