Check out NIST’s comprehensive taxonomy of cyberattacks against AI systems, along with mitigation recommendations. Plus, organizations have another cryptographic algorithm for protecting data against future quantum attacks. And get the latest on the IngressNightmare vulnerabilities, and on cyber risks impacting commercial satellites and domain registrars.

Dive into five things that are top of mind for the week ending March 28.

1 - NIST categorizes attacks against AI systems, offers mitigations

Organizations deploying artificial intelligence (AI) systems must be prepared to defend them against cyberattacks — not a simple task.

Recognizing this challenge, the U.S. government this week published a report to help organizations identify, address and manage cyber risks faced by AI systems.

Titled “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations (NIST AI 100-2)” and published by the U.S. National Institute of Standards and Technology, the 127-page report also offers:

• A taxonomy of adversarial machine-learning (AML) attacks, such as evasion, poisoning, and privacy attacks against both predictive AI systems and generative AI systems; and of AML attacks targeting learning methods
• Potential mitigations against AML attacks, as well as the limitations of these mitigations
• Standardized AML terminology, along with an index and a glossary

“Despite the significant progress of AI and machine learning in different application domains, these technologies remain vulnerable to attacks,” reads a NIST statement. “The consequences of attacks become more dire when systems depend on high-stakes domains and are subjected to adversarial attacks.”

For example, to mitigate supply chain attacks against generative AI systems, NIST recommendations include:

• Verify that data downloaded from the web for training AI models hasn’t been tampered with: Do a basic integrity check in which the data provider publishes cryptographic hashes and the downloader verifies the training data.
• Perform data filtering to try to remove poisoned data samples.
• Do vulnerability scans of model artifacts.
• Use mechanistic interpretability methods to identify backdoor features.
• Design generative AI applications in such a way as to reduce the impact of model attacks.

Taxonomy of Attacks on GenAI Systems

^{(Source: “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations” report from NIST, March 2025)}

The report is primarily aimed at those in charge of designing, developing, deploying, evaluating and governing AI systems.

For more information about protecting AI systems against cyberattacks:

• “Understanding the risks - and benefits - of using AI tools” (U.K. NCSC)
• “Hacking Poses Risks for Artificial Intelligence” (Georgetown University)
• “Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It” (Harvard University)
• “How Safe and Secure Is GenAI Really?” (InformationWeek)
• “Hacking AI? Here are 4 common attacks on AI” (ZDNet)
• “Adversarial attacks on AI models are rising: what should you do now?” (VentureBeat)

2 - ETSI releases new post-quantum cryptographic standard

And the world has yet another cryptographic algorithm standard designed to protect data against future attacks powered by mighty quantum computers.

Called Covercrypt, the quantum-resistant standard specification secures data not only against forthcoming quantum attacks, but also against current pre-quantum attacks, the European Telecommunications Standards Institute (ETSI) announced this week.

Specifically, Covercrypt defines a scheme for key encapsulation mechanisms with access control (KEMAC) in which session keys are locked based on users’ attributes. 

“For instance, while an IT department can define who enters applications, the ETSI KEMAC standard helps to determine who can decrypt the data inside those applications through a specific access policy,” reads an ETSI statement.
 

To get more details, check out ETSI’s Covercrypt technical specification.

Earlier this month, NIST picked its fifth algorithm for post-quantum encryption, which it expects will be widely available for use in 2027. NIST released three quantum-resistant algorithm standards last year and expects to release a fourth one in 2026.

Here’s the issue: Quantum computers, which are expected to become widely available at some point between 2030 and 2040, will be able to decrypt data protected with today’s public-key cryptographic algorithms. 

Consequently, organizations need to start migrating to post-quantum cryptography, a process that requires careful planning and deployment.

To help organizations plan their migration to quantum-resistant cryptography, this month NIST published a draft white paper titled “Considerations for Achieving Crypto Agility,” while the U.K. National Cyber Security Centre (NCSC) released “Timelines for migration to post-quantum (PQC) cryptography.” 

For more information about how to protect your organization against the quantum computing cyberthreat:

• “How to prepare for a secure post-quantum future” (TechTarget)
• “Moody’s sounds alarm on quantum computing risk, as transition to PQC ‘will be long and costly’” (Industrial Cyber)
• “Companies Prepare to Fight Quantum Hackers” (The Wall Street Journal)
• “US unveils new tools to withstand encryption-breaking quantum. Here's what experts are saying” (World Economic Forum)
• “Quantum is coming — and bringing new cybersecurity threats with it” (KPMG)
• “Quantum and the Threat to Encryption” (SecurityWeek)

3 - U.K.’s NCSC urges domain registrars to shore up security

Lax security practices among domain registrars and domain-name system (DNS) operators help cyber fraudsters carry out online scams, including phishing campaigns.

For that reason, it’s critical that domain sellers and owners tighten their security practices, the U.K. National Cyber Security Centre (NCSC) warned this week.

“To enable phishing in the first place, malicious actors rely on obtaining misleading and fraudulent domains, or taking over legitimate domain names at scale,” reads the new NCSC guidance “Good security practice for domain registrars.”
 

The guidance is aimed at registrars that sell domains at scale, as well as at organizations that buy and park domains as investments or as part of brand-protection efforts.

The NCSC’s security recommendations include:

• Verify the customer’s information, such as IP address, email address, phone number and payment information; and check it against available threat intelligence.
• Use a system that automatically flags misleading domain-name registrations that aim to deceptively align themselves with well-known brands.
• Make it difficult for attackers to tamper with and hijack domains by adopting security controls like multi-factor authentication and automated domain-change notifications.

For more information about DNS security:

• “How To Reduce DNS Infrastructure Risk To Secure Your Cloud Attack Surface” (Tenable)
• “What is DNS Cache Poisoning?” (TechTarget)
• “10 Dangerous DNS Attacks Types & Prevention Measures” (Cybersecurity News)
• “Attackers target the Domain Name System, the internet’s phone book. Here’s how to fight back” (SiliconAngle)
• “The 5 big DNS attacks and how to mitigate them” (Network World)

4 - ENISA: Commercial satellites need better cyber protections

Makers of commercial satellites face critical cyberthreats from a variety of attackers, including hacktivists, nation-state actors and cybercriminals, so they need to boost their cyber defenses.

That’s according to the European Union Agency for Cybersecurity (ENISA), which this week published “Space Threat Landscape,” a report that recommends cybersecurity controls and cyberattack mitigations to space-sector organizations.

“The commercial exploitation of space has become the backbone of key economic activities. Digital threats in space are therefore highly critical. … This is why commercial satellites must be cyber secured at all cost,” Juhan Lepassaar, ENISA’s Executive Director, said in a statement.

• Risk to their supply chains, which are global and highly complex
• Widespread use of commercial off-the-shelf components
• Prevalence of legacy systems and limited IT asset visibility, both aggravated by the remote location of space systems
• Weak configurations, particularly due to insufficient use of cyrptography
• Human error, magnified by the need for significant human interaction with space systems
• Threat of sophisticated cyberattacks

ENISA’s mitigation recommendations include:

• Bake security into the design of systems and networks.
• Regularly patch software vulnerabilities, prioritizing the ones that pose the greater risk to your organization.
• Share information about vulnerabilities, threats and attack tactics, techniques and procedures with your industry peers.
• Secure your supply chain by carefully and methodically vetting vendors and partners; and by continuously monitoring their security processes. Be aware of fraudulent equipment circulating in the global supply chain.
• Rigorously test the security of commercial off-the-shelf products and components.
• Adopt “effective, validated and tested” encryption methods to protect your systems and data.

For more information about the cybersecurity of commercial satellites:

• “We Need Cybersecurity in Space to Protect Satellites” (Scientific American)
• “Orbital observations: Enhancing space resilience with real-time cybersecurity” (Deloitte)
• “The Growing Risk of a Major Satellite Cyber Attack” (Via Satellite)
• “Recommendations to Space System Operators for Improving Cybersecurity” (CISA)
• “A Cybersecurity Framework for Mitigating Risks to Satellite Systems” (Dark Reading)

5 - New vulns disclosed, patched for Ingress NGINX Controller for Kubernetes

Does your organization use the Ingress NGINX Controller for Kubernetes? 

If so, your IT and cybersecurity departments are hopefully aware of five vulnerabilities disclosed this week affecting this popular open-source controller used for managing Kubernetes clusters’ network traffic. One vulnerability has a “critical” severity rating, while three are rated “high.”
 

The Kubernetes open source project fixed all of the vulnerabilities — collectively known as IngressNightmare — with the release of two new versions of the product: Ingress NGINX Controller 1.12.1, which fixes version 1.12.0; and Ingress NGINX Controller 1.11.5, which fixes older versions, starting with 1.11.4.

To get all the details, check out Tenable Research’s blog “CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare.”