MITRE and Microsoft have teamed up with other organizations in developing a framework to identity, respond to, and stop attacks on machine learning (ML) systems. Attacks on ML systems have increased markedly recently, yet organizations have taken few steps to secure them. The Adversarial ML Threat Matrix is an industry-focused open framework designed to protect ML from attackers.

More:

• A Microsoft survey found that most businesses (25 out of 28) do not have the right tools to secure their ML systems.
• Gartner predicts that by 2022, 30% of artificial intelligence (AI) cyberattacks will leverage training-data poisoning, AI model theft, or adversarial samples to attack ML and other AI-powered systems.
• Earlier this year, the Software Engineering Institute's CERT warned that many ML systems are vulnerable to arbitrary misclassification attacks that could compromise their confidentiality, integrity, and availability.

The Treasury Department has slapped sanctions on several Iranian organizations for disinformation campaigns to influence the U.S. elections. The organizations are the Islamic Revolutionary Guard Corps (IRGC), IRGC-Qods Force, Bayan Rasaneh Gostar Institute, Iranian Islamic Radio and Television Union, and International Union of Virtual Media.

More from the Treasury:

• The Treasury is freezing U.S. properties owned by these groups, and U.S. individuals and companies are prohibited from engaging in transactions with them.
• Foreign financial institutions could face U.S. sanctions if they facilitate transactions for these organizations. 
• Treasury accused the organizations of trying to sow discord among U.S. readers of social medial platforms and messaging applications. 

Attackers are targeting loyalty programs with credential stuffing attacks, according to a report by Akamai. The cybercriminals are selling account access, points, and other rewards stolen from loyalty programs on the dark web. Between July 2018 and June 2020, Akamai recorded more than 100 billion credential stuffing attacks, with more than 63 billion of them targeted at retail, travel, and hospitality industries that rely on loyalty programs to retain customers.

More from Akamai:

• Using credentials stuffing attacks, cybercriminals are able to exploit stolen usernames and passwords from one organization to breach other sites.
• Loyalty programs are easy targets because many people don't see them as high risk and tend to reuse usernames and passwords for those accounts.
• Attackers are also targeting retail, travel, and hospitality industries with SQL injection and local file inclusion attacks.

In an alert Thursday, U.S. agencies warned that Energetic Bear, a Russian state-backed hacking group, was able to compromise state, local, territorial, and tribal government networks and steal data from at least two servers. In one incident, the group accessed documents about sensitive network configurations and passwords, standard operating procedures, IT instructions, vendor and purchasing information, and access badges.

More from the alert:

• The FBI and Cybersecurity and Infrastructure Security Agency said that there was no evidence that election information was compromised.
• Energetic Bear is also known as Berserk Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala.
• The agencies warned that the Russian group might be compromising networks to disrupt operations in the future, to influence U.S. policies and actions, or to delegitimize the government entities.
• In addition to government networks, Energetic Bear also targeted networks of U.S. airports.

Attackers are abusing a cross-site scripting (XSS) bug on Facebook to redirect victims to a browser locker page that conducts tech support scams, warned Malwarebytes Labs. They are using Facebook to send out malicious links that redirect victims to the browser locker page. Once there, the page mimics a virus scan and warns that the hard drive will be deleted in five minutes if the victim doesn't call the tech support number.

More:

• Browser lockers are fraudulent pop-ups that create the illusion that the computer has been locked and instructs the victim to call for remote assistance.
• Tech support browser lockers are one of the most common web threats, according to Malwarebytes Labs. 
• An XSS bug is a web security vulnerability that enables an attacker to compromise the interactions between users and affected applications.

Nvidia has patched three bugs in GeForce Experience gaming software. Two of the bugs could lead to denial of service, escalation of privileges, code execution, and information disclosure attacks.

More from Nvidia:

• The first bug, an uncontrolled search path flaw, is located in Nvidia Web Helper Node.js Web Service.
• The second bug is located in the ShadowPlay component, while the third is in GeForce Experience services.
• The security flaws affect all versions of GeForce Experience before 3.20.5.70.
• GeForce Experience keeps drivers up to date, automatically optimizes game settings, and enables users to share gaming moments with friends.

A Taiwan subsidiary of Japanese drug firm Shinogi, which is working on a COVID-19 vaccine, was hit by a cyberattack that resulted in a data breach. The company said that import licenses for medical equipment and employee residency permits were stolen, some of which were released on the dark web. 

More:

• Shinogi stressed that no information related to the COVID-19 vaccine development was stolen.
• The attackers are demanding a ransom for the return of the data. 
• CrowdStrike warned this week that China has launched cyberattacks against Japanese research institutions working on COVID-19 vaccines.

French IT services firm Sopra Steria was reportedly hit by a Ryuk ransomware attack that encrypted portions of its network. Sopra Steria confirmed it suffered a cyberattack but did not say it was ransomware. Sources told the French IT website LeMagIT that the company was hit by Ryuk ransomware.

More:

• Sophia Steria has 45,000 employees in many countries and boasts high-profile customers such as Société Générale, BNP Paribas, La Banque Postale, HSBC, Crédit Agricole, RBS, Hyundai Capital and the Bank of China.
• In a statement, Sopra Steria said that it is in "close contact" with customers, partners, and law enforcement about the attack. 
• The Ryuk ransomware group was reportedly behind a number of high profile attacks, including the attack on Universal Health Services. 

SECURITY FUNDING: (This premium content first appeared in the Oct. 21 issue of Inside Security.)

NeuraLegion (San Francisco, Calif.), an application security startup: $4.7M in Seed funding led by DNX Ventures with participation from Fusion Fund, J-Ventures, and Incubate Fund.

Security On-Demand (San Diego, Calif.), a cyber threat analytics startup: $2.2M in grant funding from the EU's National Center for Research and Development.

Sonrai Security (New York, N.Y.), a public cloud security startup: $20M in Series B funding led by Menlo Ventures with participation from Polaris Partners and Ten Eleven Ventures.

Sym (San Francisco, Calif.), a security workflow platform startup: $12M in Seed and Series A funding rounds with participation from Amplify Partners, Mango Capital, and Uncork Capital.

TASCET (Madison, Wis.), a cyber credentials startup: undisclosed amount raised in a funding round. To date, the startup has raised $29.1M.

QUICK HITS:

• The Sonoma Valley Hospital computer systems were shut down by a cyberattack for more than a week. 
• Texas's Parker County was hit by a cyberattack that comprised some systems, but not its election systems, which reside on an isolated network.
• The Japan Post leaked data on 2,750 business partners due to a file attachment mistakenly sent with emails.
• Dr. Reddy's Laboratories, an Indian drug company working on a COVID-19 vaccine, said that a data breach forced it to shut down operations temporarily.
• Chargebee’s virtual summit gathers the biggest market disruptors from Apple, Slack, Drift, Zendesk and the likes to empower SaaS businesses. Join the summit for free.*

*This is sponsored content.