Tension between difficult economic conditions and the pace of technological innovation, including the evolution of artificial intelligence (AI), is fueling the growth of the identity attack surface and identity-led cybersecurity exposure. That’s according to the CyberArk 2023 Identity Security Threat Landscape Report, which details how these issues have the potential to compound “cyber debt”, where investment in digital and cloud technology outpaces cybersecurity spend. This creates a rapidly expanding and unsecured identity-centric attack surface.
Daily Archives: June 13, 2023
firefox-stable-3820230610212426.1
FEDORA-FLATPAK-2023-777c3d6cab
Packages in this update:
firefox-stable-3820230610212426.1
Update description:
Update to 114.0
flatpak-runtime-f38-3820230613100501.1 flatpak-sdk-f38-3820230613100501.1
FEDORA-FLATPAK-2023-b5a143a8c8
Packages in this update:
flatpak-runtime-f38-3820230613100501.1
flatpak-sdk-f38-3820230613100501.1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 38 security and bug-fix errata.
#InfosecurityEurope: Leading Cybersecurity Providers to Share Insights on Breach Containment
As cybersecurity breaches continue to steal the headlines, exhibitors at Infosecurity Europe are lining up to provide insight and advice
Identifying the Idaho Killer
The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students.
Pay attention to the techniques:
The case has shown the degree to which law enforcement investigators have come to rely on the digital footprints that ordinary Americans leave in nearly every facet of their lives. Online shopping, car sales, carrying a cellphone, drives along city streets and amateur genealogy all played roles in an investigation that was solved, in the end, as much through technology as traditional sleuthing.
[…]
At that point, investigators decided to try genetic genealogy, a method that until now has been used primarily to solve cold cases, not active murder investigations. Among the growing number of genealogy websites that help people trace their ancestors and relatives via their own DNA, some allow users to select an option that permits law enforcement to compare crime scene DNA samples against the websites’ data.
A distant cousin who has opted into the system can help investigators building a family tree from crime scene DNA to triangulate and identify a potential perpetrator of a crime.
[…]
On Dec. 23, investigators sought and received Mr. Kohberger’s cellphone records. The results added more to their suspicions: His phone was moving around in the early morning hours of Nov. 13, but was disconnected from cell networks - perhaps turned off - in the two hours around when the killings occurred.
#InfosecurityEurope: Top Five Things to Check Out at This Year’s Event
With Infosecurity Europe just around the corner, here are four of the must-see activities happening at this year’s event
As MOVEit hackers’ deadline approaches, Ofcom reveals it is amongst victims
The UK’s broadcasting regulator, Ofcom, has confirmed that it is amongst the organisations whose data has been stolen as a result of the massive MOVEit supply-chain cyber attack.
Read more in my article on the Hot for Security blog.
Rise of AI in Cybercrime: How ChatGPT is revolutionizing ransomware attacks and what your business can do
OpenAI’s flagship product, ChatGPT, has dominated the news cycle since its unveiling in November 2022. In only a few months, ChatGPT became the fastest-growing consumer app in internet history, reaching 100 million users as 2023 began.
The generative AI application has not only revolutionized the world of artificial intelligence but is also impacting almost every industry. In the world of cybersecurity, new tools and technologies are typically adopted quickly; unfortunately, in many cases, bad actors are the earliest to adopt and adapt.
This can be bad news for your business, as it escalates the degree of difficulty in managing threats.
Using ChatGPT’s large language model, anyone can easily generate malicious code or craft convincing phishing emails, all without any technical expertise or coding knowledge. While cybersecurity teams can leverage ChatGPT defensively, the lower barrier to entry for launching a cyberattack has both complicated and escalated the threat landscape.
Understanding the role of ChatGPT in modern ransomware attacks
We’ve written about ransomware many times, but it’s crucial to reiterate that the cost to individuals, businesses, and institutions can be massive, both financially and in terms of data loss or reputational damage.
With AI, cybercriminals have a potent tool at their disposal, enabling more precise, adaptable, and stealthy attacks. They’re using machine learning algorithms to simulate trusted entities, create convincing phishing emails, and even evade detection.
The problem isn’t just the sophistication of the attacks, but their sheer volume. With AI, hackers can launch attacks on an unprecedented scale, exponentially expanding the breadth of potential victims. Today, hackers use AI to power their ransomware attacks, making them more precise, adaptable, and destructive.
Cybercriminals can leverage AI for ransomware in many ways, but perhaps the easiest is more in line with how many ChatGPT users are using it: writing and creating content. For hackers, especially foreign ransomware gangs, AI can be used to craft sophisticated phishing emails that are much more difficult to detect than the poorly worded messages that were once so common with bad actors (and their equally bad grammar). Even more concerning, ChatGPT-fueled ransomware can mimic the style and tone of a trusted individual or company, tricking the recipient into clicking a malicious link or downloading an infected attachment.
This is where the danger lies. Imagine your organization has the best cybersecurity awareness program, and all your employees have gained expertise in deciphering which emails are legitimate and which can be dangerous. Today, if the email can mimic tone and appear 100% genuine, how are the employees going to know? It’s almost down to a coin flip in terms of odds.
Furthermore, AI-driven ransomware can study the behavior of the security software on a system, identify patterns, and then either modify itself or choose the right moment to strike to avoid detection.
Trends and patterns in ChatGPT-themed cybercrimes
While the vast majority of people use ChatGPT for benign or beneficial purposes, the notable uptick in ChatGPT-themed suspicious activities is cause for concern. These threats include the creation of malicious code, phishing schemes, and of course ransomware — often exploiting the advanced capabilities of ChatGPT to enhance their effectiveness.
The majority of patterns and trends in these activities are not ransomware-related; however, they provide invaluable insights for security experts to proactively respond to these challenges.
Creation of malware using ChatGPT
A self-proclaimed novice reportedly created a powerful data-mining malware using just ChatGPT prompts within a few hours.
ChatGPT imposters
Malware operators and spammers read the news, too, and are following trends and high-engagement topics, leading to an increase in malicious ChatGPT imposters.
Malware campaigns using ChatGPT
ChatGPT is everywhere. Meta took steps to take down more than 1,000 malicious URLs that were found to leverage ChatGPT.
Cybercriminals using ChatGPT
ChatGPT cybercrime is popular with hackers. A thread named “ChatGPT – Benefits of Malware” appeared on a popular underground hacking forum, indicating that cybercriminals are starting to use ChatGPT.
ChatGPT-themed lures
Watch out: hackers are using ChatGPT-themed malware to take over online accounts.
ChatGPT phishing attacks
Finally, these phishing attacks are the most concerning for organizations defending against ransomware. The ChatGPT “Banker” phishing attack involves fake webpages and a trojan virus.
Copycat Chatbots and their threat to Cybersecurity
The success and visibility of OpenAI’s ChatGPT inevitably leads to another cybersecurity concern — the rise of copycat chatbots. These are AI models developed by other groups or individuals seeking to mimic the functionalities and capabilities of ChatGPT, often with less stringent ethical guidelines and fewer protective measures.
There are two key issues that arise from these imitation chatbots. First, they often lack the advanced protective guardrails that have been incorporated into ChatGPT, leaving them more open to misuse. These bots could easily become tools for generating malicious code, crafting phishing emails, or designing ransomware attacks.
Next, these copycat chatbots are frequently hosted on less secure platforms, which may be susceptible to cyber-attacks. Hackers could potentially compromise these platforms to gain control of the chatbots and manipulate their capabilities for nefarious purposes.
Copycat chatbots present the risk of amplifying misinformation and fostering cybercrime. As they lack the same level of scrutiny and oversight as ChatGPT, they could be used to disseminate deceptive content on a large scale.
Proactive measures you can take to combat AI-enhanced ransomware threats
Despite the escalating threat, the outlook is not hopeless.
As always, good security hygiene can go a long way in bolstering your defenses. The advice hasn’t changed, but it bears repeating.
Regular updates and patches: Ensure that all your software, including your operating system and applications, is up to date.
Avoid suspicious emails/links: Be wary of emails from unknown sources and don’t click on suspicious links. Remember, AI can be used to mimic trusted contacts.
Back up your data: Regularly backing up data is a simple yet effective way of mitigating the potential damage of a ransomware attack. The more data you have backed up, the easier it is to recover from a potential disaster.
Promote a culture of security awareness: Learn about the latest threats and techniques used by hackers. The better your company and all employees understand these tactics, the easier it will be to recognize and avoid potential threats.
If you do fall victim to a ransomware attack, don’t panic. Disconnect from the internet, report the incident to local authorities, and consider seeking professional help to mitigate the damage. In most cases, paying the ransom is not recommended.
While AI can pose a threat when in the hands of hackers, it can also be a potent ally in your defense. AI-driven cybersecurity solutions are becoming more prevalent and can help you combat these advanced threats. These solutions use machine learning to recognize patterns, anticipate threats, and respond in real-time. By adopting AI-based security tools, you’re not just reacting to cyber threats, but proactively defending against them.
How AT&T Cybersecurity can help defend against ransomware
If your company lacks cybersecurity expertise, you may consider hiring trusted and experienced consultants to help you out. Take control by proactively making your company a place that cybercriminals do not want to visit.
With AT&T Cybersecurity incident response service, you’ll be well-positioned to:
Prevent data breaches
Quickly respond to attacks and mitigate impact
Minimize impacts of a potential breach
Quickly analyze and recover from the breach
Mitigate security risk
Improve incident response
Leverage an “all hands on deck” approach, which includes in-depth digital forensic analysis, breach support and compromise detection
Microsoft Pays $20m to Settle Another FTC COPPA Case
Regulator alleged Microsoft knowingly collected personal information from children
CVE-2022-41327
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with read-only superadmin privileges to intercept traffic in order to obtain other administrators' cookies via diagnose CLI commands.