Intelligent CISO Issue 99 | Page 35

threat UPDATES
CANADA
Researchers at the University of Toronto have published new research demonstrating an AI-powered worm capable of adapting its attack strategy as it moves through a network, highlighting a potential new challenge for cybersecurity teams.
Unlike traditional worms, which typically exploit a fixed vulnerability, the prototype can reason through new attack paths and tailor attacks to different systems. Researchers said this could make such threats significantly harder to stop with a single patch or a signature-based defence.
The findings suggest that existing defensive models may face increasing pressure as AI enables malware to adapt and mutate while operating inside a target environment.
According to Ken Ammon, CEO of CodeHunter, the development challenges many of the assumptions underpinning traditional malware detection.
“The significance of AI-powered worms is not that they spread automatically. Worms have existed for decades. The difference is that AI allows malware to adapt, mutate and develop new attack paths as it encounters different environments. That undermines many of the assumptions behind traditional malware defences, which depend on recognising known patterns, signatures, indicators of compromise, or behaviours after execution has already begun,” said Ammon.
NORTH KOREA
Proofpoint researchers have uncovered a new, likely North Korea-aligned threat cluster, dubbed UNK_DeadDrop, that targeted almost 100 organisations in just six weeks by embedding malware within GitHub repositories, software projects and malicious coding extensions.
The campaign represents a significant evolution in North Korean cyber operations. Rather than relying solely on fake recruitment schemes and job interview scams, the threat actor is now exploiting trusted developer workflows to steal cryptocurrency assets, credentials and sensitive information.
According to Proofpoint, the campaign targeted organisations across the technology, cryptocurrency, finance and education sectors. Developers were approached through fake recruiter outreach, project collaboration requests and code review opportunities designed to build trust and encourage interaction with malicious content.
The researchers found that malware was delivered through seemingly legitimate GitHub repositories and developer projects. In addition, malicious extensions for Visual Studio Code and Cursor were used to establish persistence on victim systems while helping the attackers evade detection.
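One check a security team can run in response to the extension angle is an inventory of what is actually installed in developers' editors, flagging any extension whose publisher is not on an approved list and any extension that asks to run at every editor start (the usual hook for persistence). The script below is an added example written for this page, not code from Proofpoint or from the magazine. It assumes the layout of the registry file VS Code keeps at ~/.vscode/extensions/extensions.json (Cursor uses ~/.cursor/extensions/extensions.json), a hypothetical publisher allowlist, and a hand-built sample registry and manifest so it runs offline.

```python
"""Audit installed VS Code / Cursor extensions for unvetted publishers and
startup activation.

Added example. The registry shape below ("identifier", "version", "location")
mirrors what VS Code writes to ~/.vscode/extensions/extensions.json; the sample
records and the allowlist are constructed for this example, not real data.
"""
import json
from pathlib import Path

# Constructed sample registry: two marketplace extensions and one side-loaded
# extension from a publisher nobody in the org has vetted.
SAMPLE_EXTENSIONS_JSON = json.dumps([
    {"identifier": {"id": "ms-python.python"}, "version": "2024.4.1",
     "location": {"path": "/home/dev/.vscode/extensions/ms-python.python-2024.4.1"}},
    {"identifier": {"id": "esbenp.prettier-vscode"}, "version": "10.4.0",
     "location": {"path": "/home/dev/.vscode/extensions/esbenp.prettier-vscode-10.4.0"}},
    {"identifier": {"id": "solidity-labs.solidity-helper"}, "version": "0.0.3",
     "location": {"path": "/home/dev/.vscode/extensions/solidity-labs.solidity-helper-0.0.3"}},
])

# Constructed package.json fragment for the suspicious extension: "*" is the
# real VS Code activation event meaning "activate on every startup".
CONSTRUCTED_MANIFESTS = {
    "solidity-labs.solidity-helper": {"activationEvents": ["*"]},
}

# Hypothetical allowlist; an organisation would maintain this centrally.
ALLOWED_PUBLISHERS = {"ms-python", "esbenp", "ms-vscode", "github"}


def parse_registry(text):
    """Return (publisher, name, version, install_path) for each registry entry."""
    out = []
    for entry in json.loads(text):
        ext_id = entry["identifier"]["id"]          # "publisher.name"
        publisher, _, name = ext_id.partition(".")
        out.append((publisher, name, entry.get("version", "?"),
                    entry.get("location", {}).get("path", "")))
    return out


def manifest_activates_on_startup(manifest):
    """True if a package.json manifest requests activation at editor start."""
    events = manifest.get("activationEvents", [])
    return "*" in events or "onStartupFinished" in events


def load_manifests_from_disk(registry):
    """Read each extension's package.json from its install path, if present."""
    manifests = {}
    for publisher, name, _version, path in registry:
        pkg = Path(path) / "package.json"
        if pkg.is_file():
            manifests[f"{publisher}.{name}"] = json.loads(pkg.read_text(encoding="utf-8"))
    return manifests


def audit(text, allowed=ALLOWED_PUBLISHERS, manifests=None):
    """Return [(extension_id, version, [reasons])] for extensions worth a look."""
    manifests = manifests or {}
    findings = []
    for publisher, name, version, _path in parse_registry(text):
        ext_id = f"{publisher}.{name}"
        reasons = []
        if publisher not in allowed:
            reasons.append("publisher not allowlisted")
        if manifest_activates_on_startup(manifests.get(ext_id, {})):
            reasons.append("activates on every startup")
        if reasons:
            findings.append((ext_id, version, reasons))
    return findings


if __name__ == "__main__":
    # Run against the real registry when it exists, else the constructed sample.
    registry_file = Path.home() / ".vscode" / "extensions" / "extensions.json"
    if registry_file.is_file():
        text = registry_file.read_text(encoding="utf-8")
        manifests = load_manifests_from_disk(parse_registry(text))
    else:
        text, manifests = SAMPLE_EXTENSIONS_JSON, CONSTRUCTED_MANIFESTS
    for ext_id, version, reasons in audit(text, manifests=manifests):
        print(f"{ext_id} {version}: {', '.join(reasons)}")
```

A publisher allowlist is a coarse control: a legitimate publisher can still ship a malicious update, so treat the output as a triage list to pair with version pinning and review of what a startup-activated extension actually does.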
WWW.INTELLIGENTCISO.COM 35