August 2023 Edition
Table of Contents
1. WormGPT and FraudGPT Claim to Create Content Cybercriminals Can Use For Phishing Campaigns
2. Cybersecurity Executive Slams Microsoft’s Negligent Approach to Security
3. Teenage Hackers Make Millions Through SIM Swapping
4. AI Incident Database Collects and Analyzes AI Incidents
5. Canon Printers Pose Network Threat
6. Pentagon Investigates Second Breach in 3 Months
7. Chinese Advanced Persistent Threats Continue to Infiltrate US Infrastructure
8. Obscure Cloud Service Company Tied to Malicious Users
9. Hackers Access 16 Years Worth of Colorado Public School Data
10. Cyberattacks on Ukraine Play Huge Role in War
11. Vulnerabilities Abound in Chinese Input Keyboard
12. Secure Channel OSDP is Rendered Useless
1. WormGPT and FraudGPT Claim to Create Content Cybercriminals Can Use For Phishing Campaigns
What Happened:
Cybercriminals have created unique versions of language models like ChatGPT that help them create copy for their phishing and malware scams.
What to Know:
Criminals on dark-web forums are posting about two large language models (LLMs) they’ve created, called WormGPT and FraudGPT, and are marketing them for illegal activities.
It is unknown how legitimate these claims are; some experts think the claims themselves are an attempt at a scam.
LLMs like OpenAI's ChatGPT have safety measures that stop misuse; these shady LLMs strip away those guardrails.
The FBI and Europol have issued warnings that cybercriminals are using generative AI in their work that could help with fraud, impersonation, and other social engineering. For example, operators of pig butchering and romance scams often use generated text in their messages.
What to Do:
Businesses should be hyper-vigilant and should consider conducting in-depth training with employees about the possibility of these advanced-level phishing campaigns.
Implement AI detection tools that can detect and mitigate AI-generated content. With these tools, you'll be able to identify and block suspicious activity.
For more information, check out this article.
2. Cybersecurity Executive Slams Microsoft’s Negligent Approach to Security
What Happened:
Amit Yoran, CEO of cybersecurity firm Tenable, criticized Microsoft as “grossly irresponsible, if not blatantly negligent” for consistently failing to proactively and professionally address vulnerabilities in their products.
What to Know:
Yoran’s company recently identified a critical vulnerability in a Microsoft Azure product that allowed them to, among other things, access a bank’s authentication secrets. It has been four months since the disclosure to Microsoft, and the vulnerability has still not been patched.
Microsoft announced that no one else accessed the secrets besides the researchers at Tenable.
Microsoft is under increased scrutiny after hackers based in China abused one of Microsoft's products to steal the email messages of senior U.S. officials. The Cyber Safety Review Board is currently investigating Microsoft's role in the breach.
Microsoft is also under fire for the so-called SolarWinds attack in which Russian state-sponsored hackers compromised computer networks in the federal government and private sector.
What to Do:
Keep up to date with possible updates to Microsoft’s software. Since the company is so ingrained in online business infrastructure, you’ll likely be impacted by any updates or changes the company makes in response to this backlash.
Business Impact:
Shares of Microsoft were down 1% on Friday morning in New York.
For more information, check out this article and this one, too.
3. Teenage Hackers Make Millions Through SIM Swapping
What Happened:
Michael Terpin, a prominent crypto investor and marketer, fell victim to a SIM swap by teenage hackers looking for access to his cryptocurrency.
What to Know:
"SIM swapping" is when a criminal hijacks a user's mobile number by getting the phone service provider to transfer the number to a phone the attacker controls. This can give a hacker a way into someone's email, social media, and online storage accounts.
The first SIM swap attempt on Terpin succeeded only in that the hackers were able to get about $30,000 from Terpin's friends after impersonating him via messages. Following this, T-Mobile and AT&T informed Terpin that his accounts would receive a heightened level of security and that no SIM swap could be made without a PIN. A second attempt was much more successful, and Terpin responded by suing AT&T for $224 million. The fallout from this ended up being the most significant take on record for a SIM swap, and it was conducted entirely by teenagers.
Last year the FBI received over 2,000 SIM swapping complaints, with losses totaling $71.6 million.
Community, a group of teenage SIM swappers in the US, the UK, and Ireland, ultimately ended up being responsible for the theft from Terpin.
What to Do:
To prevent SIM swapping, security experts recommend using a form of two-factor authentication that sends a code to an app rather than as a text to a phone number. This way, even if a hacker has access to your phone messages, they won't be able to complete two-factor authentication for services like email and banking.
Consider asking your phone provider to increase the level of security on your accounts.
Reduce the amount of sensitive information you’re putting through messaging apps like Telegram and email apps like Gmail.
For more information, check out this article.
4. AI Incident Database Collects and Analyzes AI Incidents
What Happened:
The AI Incident Database is an open-source, constantly evolving database for AI incidents.
What to Know:
This repository of problems will be used by future researchers and developers to mitigate or avoid repeated bad outcomes.
It is designed to provide information, structure, and perspectives on AI incidents.
Business Impact:
This tool will be incredibly helpful for anyone in the AI industry and will work to promote a more ethical, responsible AI industry.
What to Do:
If you experience an AI incident, you can submit it directly to the AI Incident Database.
Read through submitted incidents to learn more about faulty AI and AI mishaps.
Check out the AI Incident Database here.
5. Canon Printers Pose Network Threat
What Happened:
Canon is warning that sensitive Wi-Fi settings don't get wiped during resets, so customers need to delete them manually before selling, discarding, or sending printers off for repair.
What to Know:
Manual wiping of settings needs to occur whenever your printer will be in the hands of a third party.
Malicious actors could use settings saved on this hardware to gain unauthorized access to a network that hosts or hosted a Canon printer.
What to Do:
Make sure you manually wipe your settings before sending your Canon printer off to any third party. If you don’t use a Canon printer, check to see if these same precautions are necessary for your brand.
If your business utilizes a printer connected to the network over Wi-Fi, a malicious actor could theoretically gain access to your network through the printer. Make sure to take necessary precautions before getting printers repaired or replaced.
For more information, check out this article.
6. Pentagon Investigates Second Breach in 3 Months
What Happened:
The compromise was made across several Air Force facilities by a US Air Force engineer.
What to Know:
The government was told that an Arnold Air Force Base (in Tennessee) employee had taken government radio technologies home. The equipment was worth around $90,000.
Investigators found that the employee had unauthorized administrator access to radio communications technology used by the Air Education and Training Command. The compromise affected 17 Department of Defense installations.
There is evidence the suspect had possible access to communications of the FBI and various Tennessee state agencies.
This comes just three months after another major breach of Pentagon security where Massachusetts Air National Guard member Jack Teixeira leaked classified documents related to the war in Ukraine on Discord.
For more information, check out this article.
7. Chinese Advanced Persistent Threats Continue to Infiltrate US Infrastructure
What Happened:
Chinese APTs (Advanced Persistent Threats), believed to be associated with the Chinese government, are actively infiltrating sensitive infrastructure in the US with the intention of establishing permanent presences.
What to Know:
Three distinct reports highlight this threat:
Security firm Kaspersky reported on an advanced spying toolkit used by a group (Zirconium) to create a continuous data exfiltration channel within industrial infrastructure.
The New York Times reported on another Chinese group (Volt Typhoon) that aimed to insert disruptive malware deep within critical infrastructure, possibly for use during potential conflicts.
Microsoft disclosed a breach of its Azure and Exchange cloud services by a Chinese APT in which hackers accessed inactive signing keys and forged authentication tokens.
These Chinese efforts are all difficult to detect due to their sophistication and the dormant nature of their malware, which can remain hidden for long periods.
Chinese reports dismiss these claims as propaganda.
What to Do:
Keep up to date as more information comes to light. The US government is investigating the extent of the code’s presence in networks, as its scope is still not fully understood.
For more information, check out this article.
8. Obscure Cloud Service Company Tied to Malicious Users
What Happened:
Cloudzy, an obscure cloud service company, has been providing state-sponsored hackers with internet services used to spy on and extort their victims.
What to Know:
Researchers from cybersecurity firm Halcyon said Cloudzy had been leasing server space and reselling it to at least 17 different state-sponsored hacking groups from China, Russia, Iran, North Korea, India, Pakistan, and Vietnam.
Cloudzy's CEO says only 2% of his firm's clients are malicious. Halcyon estimates that half of Cloudzy's business was malicious.
The bigger picture is that this is an example of how hackers and ransomware gangs use small firms operating at the fringes of cyberspace to enable big hacks.
For more information, check out this article.
9. Hackers Access 16 Years Worth of Colorado Public School Data
What Happened:
Sixteen years of student information were accessed by a ransomware gang over the course of eight days this past June. Additional victims were certain cohorts of higher education students, recipients of General Education Development certificates, and holders of teacher's licenses.
What to Know:
No ransomware gang has taken public credit, and it is unknown whether a ransom was paid.
Impacted records include names, SSNs, student ID numbers, and other records ranging from bank statements and bills to copies of government IDs parents use as proof of address.
What to Do:
If you've gone to school in Colorado, check out the original article to see if you may have been included on the list of people whose data was breached.
For more information and to see the list of affected people, check out this article.
10. Cyberattacks on Ukraine Play Huge Role in War
What Happened:
Victor Zhora, deputy chairman of the State Service of Special Communications and Information Protection of Ukraine, is working to catalog cyberwar crime evidence against Russian hackers targeting Ukraine.
What to Know:
Cyberattacks have played a huge role in the war in Ukraine. Russian hackers have targeted satellite systems and used digital assaults to execute disinformation and psychological warfare campaigns; have carried out widespread hacking campaigns to conduct cyber-espionage, surveil Ukrainians, and spread propaganda; and have conducted other digital assaults.
Each day, Ukraine faces up to 10 cyberattacks. Since the beginning of the invasion, they’ve registered around 3000 major cyber incidents.
Ukraine considers the first strike in cyberwar to have been made on January 14 when around 70 governmental websites were attacked by Russia-affiliated actors.
Global IT providers have offered software, hardware, cloud infrastructures, consultancy, and threat intelligence to Ukraine.
For more information, check out this article.
11. Vulnerabilities Abound in Chinese Input Keyboard
What Happened:
There has been a lot of effort analyzing, documenting, and responsibly disclosing vulnerabilities concerning the insecure transmission of sensitive data in Chinese-developed apps. A specific study showed how Tencent's Sogou Input Method, the most popular Chinese input method in China, has vulnerabilities that allow a network eavesdropper to decipher what users are typing as they type.
What to Know:
This ecosystem remains problematic, as these apps fail to adopt practices to secure the sensitive data they transmit.
Sogou Input Method, an app with around 450 million users, failed to properly secure the transmission of sensitive data.
What to Do:
Reconsider using this type of input keyboard.
Don’t ever use messaging or input apps that don’t implement any type of well-known encryption.
To see the complete study, click here.
12. Secure Channel OSDP is Rendered Useless
What Happened:
Secure Channel is a next-gen protocol that was designed to prevent the hacking of access control systems used at secure facilities on US military bases and in buildings belonging to federal, state, and local governments and private organizations. Recently, researchers discovered a suite of vulnerabilities in it.
What to Know:
Open Supervised Device Protocol (OSDP) was developed as a security standard after an attack demonstrated at the Black Hat security conference in 2008 on a device called Gecko. Gecko exploited weaknesses that allowed attackers to create spoof cards for unauthorized entry. To address these vulnerabilities, the industry introduced OSDP with a Secure Channel that encrypted communication.
Recent research shows that OSDP is still very vulnerable. Vulnerabilities include the inability to enforce encryption, weak key management, and a flawed key exchange process.
Despite efforts to improve security, OSDP remains compromised by vulnerabilities that can lead to unauthorized access to buildings and to data breaches.
For more information, check out this article.