Weaponized AI & the ransomware gangs that you need to know about

We have now reached 19,393 subscribers. Thanks for your support! Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network! Reach out to me personally if you have questions about your cyber security --> Luigi Tiano.

‍

1.Weaponized AI

‍

Hackers are utilizing a malicious alternative to GPT models called WormGPT, ChatGPT, and other advanced AI technologies to launch sophisticated cyber attacks, particularly business email compromise (BEC) attacks. WormGPT allows threat actors to automate the creation of convincing personalized fake emails, overcoming language barriers and increasing the effectiveness of their attacks. WormGPT possesses powerful features like unlimited character support, chat memory retention, and code formatting. It has been trained on undisclosed malware-related datasets, making its training sources confidential. Security researchers have tested WormGPT and found that it has exceptional capabilities in generating persuasive and tactful emails, making it a significant threat for launching BEC attacks. (cybersecuritynews)

‍

My thoughts: With the rise of AI in various forms, businesses must be aware of their cyber security posture and avoid the unregulated use of AI within the company. Ensure that all third-party vendors adhere to your cyber security policies. Take this 2-minute Cyber posture quiz and see where your company is now.

‍

2.Cl0p attacks top accounting firm

‍

The Clop ransomware group has added 62 clients of Ernst & Young, including major airlines, banks, hospitals, and retailers in Canada, to its data leak site. The attack on Ernst & Young's clients was part of the supply chain attack on the MOVEit file transfer software, which leaked 3 terabytes (TB) of sensitive information. The compromised data includes financial reports, accounting documents, passport scans, Visa scans, and more. The attack targeted a vulnerability in MOVEit and has affected a total of 150 organizations, compromising the personal data of over 16 million individuals. (bankinfosecurity)

‍

My thoughts: We have discussed Cl0p in the past and seeing them continually post/expose large companies, including top accounting firms is very much alarming. Were they attacked recently? Did they take proper precautions? Are the biggest companies vulnerable because they have the biggest targets on their back?

‍

3.Emergency dispatch disruption leads to old-school method

‍

Hayward City Council declares a local emergency in response to an ongoing cyberattack that has disrupted various city services, including emergency dispatching and electronic payments. The attack, which started on Sunday, has left officials uncertain about when the disruption will be fully resolved. The city's 911 dispatch center has been particularly affected, requiring a shift to "old-school" methods of pen and paper. Hayward will remain under a local emergency indefinitely to facilitate a flexible response to the cyber crisis. The attack has also impacted electronic permitting and payment services. (mercurynews)

‍

My thoughts: This incident highlights the vulnerability of local governments to cyber attacks and the potential risks posed to emergency communication systems. Such cases must be given a closer look at since it disrupts critical agencies that cater to matters about life and death.

‍

4.LokiBot is not Lowkey at all

‍

Cyber security researchers at FortiGuard Labs have discovered a new malware campaign that utilizes malicious Microsoft Office documents to inject the LokiBot Trojan onto victims' systems. The campaign exploits two known vulnerabilities, to deliver the LokiBot malware, which specializes in stealing sensitive information from Windows machines. The malicious documents either contain an external link embedded in an XML file or employ a VBA script with a malicious macro. The attack highlights the evolving nature of LokiBot, its ability to exploit vulnerabilities and use evasion techniques, and the importance of exercising caution when dealing with unknown files or suspicious links. (hackread)

‍

My thoughts: Trojans can be prevented by keeping all software on your computer up to date with the latest patches and being sure that end-point management takes place.

‍

5. Improve your cyber security

‍

Check out our new partners at Abnormal Security. The reason why Assurance IT decided to make this strategic investment with Abnormal is due to their platform's effectiveness at significantly mitigating losses related to business / vendor email compromise by leveraging advanced user behavior profiling and behavioral data science.

‍

Abnormal offers a free non-invasive, minimal-overhead, Email Risk Assessment which highlights the residual risk that is bypassing an organization's existing email security controls. Check out our new partners Abnormal Security.

‍