CyberheistNews Vol 12 #50 [EYE OPENER] How ChatGPT Can Be Used for Social Engineering



Cyberheist News

CyberheistNews Vol 12 #50  |   December 13th, 2022

[EYE OPENER] How ChatGPT Can Be Used for Social Engineering
Stu Sjouwerman SACP

ChatGPT could give Google a serious run for its money. We are not quite there yet, but the capabilities are rapidly improving. Just have a look at the command I gave it. In five seconds the copy rolled out. This is unedited by the way:

What I told it to do:

"Write a 300-word blog post how ChatGPT can be used for social engineering"

What it wrote:

"ChatGPT, a large language model trained by OpenAI, has the ability to generate human-like text that can be used for a variety of purposes. One such use is in the realm of social engineering, where ChatGPT can be used to create convincing messages that can manipulate individuals into divulging sensitive information or performing certain actions.

Social engineering is a tactic that relies on psychological manipulation to trick people into giving away sensitive information or performing certain actions. This can be done through various means, including phishing scams, pretexting, and other forms of deception."

(I will not repeat everything, you can read the rest in the blog post, link below.)

The grammatically correct copy isn't very inspired and a bit repetitive, but a pretty amazing advance in technology. ChatGPT got to an astounding 1 million users in less than a week. ChatGPT has been trained using millions of websites to not only hold humanlike conversations, but also to understand information based on what was published on the internet before late 2021. This allows ChatGPT to offer users a more comprehensive—almost frictionless—answer than what can be found through clicking on Google search links.

However...

  • A big downside to ChatGPT is that its sources are unknown, meaning the creators themselves may not even know where the answers it produces come from. This often leads to incorrect information being given.
  • The concerning thing about this flaw is that the inaccuracies are tough to notice, especially because it sounds confident but can really be utter nonsense.
  • You cannot use ChatGPT to find out if text has been written by ChatGPT. There is no antidote.
  • It cannot detect scams. ChatGPT is a natural language processing tool that can answer questions and generate text based on the input it receives, but it does not have the ability to detect scams or other fraudulent activities.

ChatGPT could become even more accurate as OpenAI continues to train its model on current web content. OpenAI is working on a system called WebGPT, which they hope will lead to more accurate answers to search queries, including source citations. If ChatGPT and WebGPT are combined, they could provide a strong alternative to Google Search.

You should go and play with it.

I suggest you start with: "Write an email explaining that you are a Nigerian prince and you need money." Here is the login:
https://chat.openai.com/chat

Full blog post with links:
https://blog.knowbe4.com/eye-opener-how-chatgpt-can-be-used-for-social-engineering

Ransomware, Ransom-war and Ran-some-where: What We Can Learn When the Hackers Get Hacked

Ransomware strikes organizations almost every two seconds. Tales of bad actors doing their worst fill the InfoSec news cycle, but what happens when the hackers get hacked?

Last year, the Conti ransomware group got a taste of their own cyber-medicine when their playbook, chat sessions, and other critical information ended up on the dark web.

So what important lessons can we learn from a situation like this? How do these cybercriminal organizations operate? What are their business models? What is their level of experience? And most importantly, how can we avoid their tactics?

Join James McQuiggan, Security Awareness Advocate at KnowBe4, for this informative webinar to learn about:

  • The tactics, techniques, and procedures used by various cybercriminal groups, including ransomware services
  • Understanding the modus operandi of these groups
  • How to spot these attacks, and why training your users is your best line of defense

Let their misfortune be your opportunity to flip the tables before you become a victim, and earn CPE credit for attending!

Date/Time: TOMORROW, Wednesday, December 14 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot!
https://info.knowbe4.com/ransomware-ransom-war?partnerref=CHN2

Credential Phishing with Apple Gift Card Lures

A phishing campaign is impersonating Apple and informing the user that their Apple account has been suspended due to an invalid payment method, according to researchers at Armorblox.

"Attackers crafted the targeted email in order to convince recipients that they were receiving a legitimate email communication from the brand Apple, Inc.," the researchers write. "With the subject of the email reading 'We've suspended your access to apple services,' it is clear the attacker's intention was to establish a sense of urgency in order for the email to be opened.

"Once opened, unsuspecting victims were met with a minimalist email (black with white text) informing recipients that validation of the card associated with his or her apple account failed to validate. The consequence was clear – access to services that use the account would be lost."

The link in the email will take the user to a spoofed login page designed to steal their credentials. "The goal of the targeted email was to get victims to go to a fake landing page created in order to exfiltrate sensitive user credentials," the researchers write.

"The information included and language used within the email aims to lead victims to click the main call-to-action (login now) located at the bottom of the email. Once clicked, victims were directed to a fake landing page, which was crafted to mimic a legitimate Captcha security check landing page."

New-school security awareness training can enable your employees to thwart phishing and other social engineering attacks.

Full blog post with links:
https://blog.knowbe4.com/credential-phishing-with-apple-gift-card-lures

[New PhishER Feature] Turn the Tables on the Cybercriminals with PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately "flip" a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature that automatically replaces active phishing threats with a new defanged look-alike back into your users' mailbox.

The new PhishFlip feature is included in PhishER—yes, you read that right, no extra cost—so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Wednesday, December 21, @ 2:00 PM (ET) for a live 30-minute demonstration of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software. With PhishER you can:

  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user's inbox.
  • Easily search, find, and remove email threats with PhishRIP, PhishER's email quarantine feature for Microsoft 365 and Google Workspace
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4's email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, December 21, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/phisher-demo-december-2022?partnerref=CHN

Holiday Shopping Scams Online Are Too Good to Be True

It's a few weeks before Christmas, and the latest video game console is getting harder and harder to find in stores. You've checked all the large retail stores online and visited them locally as well. You've talked to the retail workers to see if they know when more game consoles are coming in, and they don't even know.

You've seen them on the various auction sites, but at three, four, even ten times what you know they're actually worth. You've checked your social media platforms and see that other people are having the same issues finding the game console.

You start Googling to see if you can find another retailer or store that you've missed in your searches. On the fourth page of searching, you see a link where the website has it in the preview section of the website description that they always have plenty of products in stock. You click on the link, thinking, "oh, it will be 10x the normal price."

The website states they are a reseller of video console platforms, and they resell products when minor cosmetic issues do not affect the gameplay, and they guarantee it for up to a year. This information appears interesting, so you scroll down further and see the console you're looking for, and it's for around the same retail price, and they have 23 available to purchase. You can hardly contain your excitement as you might have gotten lucky! You click on the white "buy now" button, and it asks for your name, email, phone number, and home address.

You are so excited that you don't want to miss out. GOTCHA.

[CONTINUED] blog post with links:
https://blog.knowbe4.com/holiday-shopping-scams-online-are-too-good-to-be-true

Report: 2022 Phishing By Industry Benchmarking

With phishing still rising, your employee's mindset and actions are critical to the security posture of your organization.

You need to know what happens when your employees receive phishing emails: are they likely to click the link? Get tricked into giving away their credentials or download malware? Or will they report the suspected phish and play an active role in your human defense layer?

Perhaps more importantly, do you know how effective new-school security awareness training is as a mission-critical layer in your security stack?

Find out with the 2022 Phishing By Industry Benchmarking Report, which analyzed a data set of 9.5 million users across 30,173 orgs with over 23.4 million simulated phishing security tests. In this unique report, research from KnowBe4 highlights employee Phish-prone™ Percentages by industry, revealing the likelihood that users are susceptible to phishing or social engineering attacks. Taking it a step further, the research also reveals radical drops in careless clicking after 90 days and 12 months of new-school security awareness training.

Do you know how your organization compares to your peers of similar size?

Download this whitepaper to find out!
https://info.knowbe4.com/phishing-by-industry-benchmarking-report-chn

Attend CONVENE, The Definitive Gathering of Security Awareness Practitioners

The National Cybersecurity Alliance and KnowBe4 are gathering security training and awareness professionals together to connect, share and convene. Join us in Clearwater, Florida, from January 10 - 11, 2023 as we:

  • Connect with the training and awareness community. Convene was created for this close-knit group, which has few opportunities to connect in person at an event designed just for them.
  • Learn best practices. Thought leaders and industry executives will share their recent successes, failures and insights from recent campaigns and programs.
  • Build camaraderie. Immersive gatherings with like-minded professionals breed innovation, sharing and human connection.

Use the code KNOWBE415 to save 15% on your ticket!
www.eventbrite.com/e/347457513777/?discount=KNOWBE415

I'm going too. Hope to see you.


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] New article by yours truly: 8 Best Practices for Successful Cybersecurity Compliance Training:
https://grcviewpoint.com/8-best-practices-for-successful-cybersecurity-compliance-training/

PPS: [FOR YOUR C-SUITE] Why deepfake phishing is a disaster waiting to happen:
https://venturebeat.com/security/deepfake-phishing/

Quotes of the Week
"It takes courage to grow up and become who you really are."
- e. e. cummings - Poet (1894 - 1962)

"As long as you live, keep learning how to live."
- Lucius Annaeus Seneca - Philosopher, Statesman and Writer (4 BC – AD 65)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-12-50-eye-opener-how-chatgpt-can-be-used-for-social-engineering

Security News

Incident Response Actions are Systematically Reversed by Hackers to Maintain Persistence

Analysis of attacks on two cellular carriers has resulted in the identification of threat actions designed to undo mitigations taken by security teams mid-attack.

We'd like to think that the attackers' only move in a game of cyberattack chess is "attack," and that once you begin to mitigate their intrusion, lateral movement, modification of user accounts, etc., the threat actor just gives up and you win. But new analysis of several attacks by security vendor CrowdStrike shows that while your team is busy undoing everything attackers have done to facilitate their access, they are equally busy either reversing your actions or setting up additional means of entry, privilege and access.

According to the analysis, CrowdStrike observed the following activity mid-attack when response actions weren't being taken swiftly:

  • Setup of additional VPN access
  • Setup of multiple RMM tools
  • Re-enabling of accounts disabled by security teams

It's just like chess; you make a move and your adversary makes another.

There are two takeaways from this story:

  • Response actions need to be swift; you need to cut off attacker access quickly and effectively
  • Based on the initial attack vectors (mostly social engineering designed to harvest credentials), security awareness training for every user is needed to keep users vigilant whether they're using email, the phone or the Internet.
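One way a response team can catch the third item in that list, a disabled account being quietly re-enabled, is to correlate the disable and enable events in the audit log. This is an added example, not code from the newsletter or from CrowdStrike; it assumes a simplified Windows-style security log where event 4725 is "account disabled" and 4722 is "account enabled", and that the response team's actors share a constructed `SOC\` prefix.

```python
"""Flag response-team account disables that were later undone by someone else.

Added example (not the newsletter's or CrowdStrike's code). Log lines are
constructed sample data in the form: <ISO timestamp> <event id> <account> <actor>.
Event ids follow Windows Security log semantics: 4725 = disabled, 4722 = enabled.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

DISABLED, ENABLED = 4725, 4722

@dataclass
class Event:
    ts: datetime
    event_id: int
    account: str
    actor: str

# Constructed sample log, not real telemetry. "SOC\\..." actors are the responders.
SAMPLE_LOG = """\
2022-12-10T14:02:11 4725 svc-backup SOC\\analyst1
2022-12-10T14:02:40 4725 j.doe SOC\\analyst1
2022-12-10T14:31:05 4722 svc-backup CORP\\helpdesk7
2022-12-10T14:40:00 4725 svc-backup SOC\\analyst1
2022-12-10T16:00:00 4722 j.doe SOC\\analyst2
2022-12-11T09:10:00 4722 svc-backup CORP\\helpdesk7
"""

def parse_log(text: str) -> list[Event]:
    """Parse the whitespace-separated sample format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, account, actor = line.split()
        events.append(Event(datetime.fromisoformat(ts), int(eid), account, actor))
    return events

def find_reversals(events: list[Event], responder_prefix: str = "SOC\\",
                   window: timedelta = timedelta(hours=24)) -> list[tuple]:
    """Return (account, disabled_at, enabled_at, actor) for every re-enable that
    follows a responder-initiated disable within `window` and was performed by
    an actor outside the response team. Re-enables by responders are ignored."""
    last_disable: dict[str, datetime] = {}  # account -> latest responder disable
    hits = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event_id == DISABLED and ev.actor.startswith(responder_prefix):
            last_disable[ev.account] = ev.ts
        elif ev.event_id == ENABLED and ev.account in last_disable:
            disabled_at = last_disable[ev.account]
            if ev.ts - disabled_at <= window and not ev.actor.startswith(responder_prefix):
                hits.append((ev.account, disabled_at, ev.ts, ev.actor))
    return hits

if __name__ == "__main__":
    for account, off, on, actor in find_reversals(parse_log(SAMPLE_LOG)):
        print(f"REVERSED: {account} disabled {off} re-enabled {on} by {actor}")
```

On the sample data the j.doe re-enable is a responder's own action and is not flagged, while both svc-backup re-enables by the help-desk account are; in a real deployment the same correlation applies to any mitigation that has a matching "undo" event.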

Blog post with links:
https://blog.knowbe4.com/incident-response-actions-are-systematically-reverse-by-hackers-to-maintain-persistence

Russian Threat Actor Impersonates Aerospace and Defense Companies

A Russia-linked threat actor tracked as TAG-53 is running phishing campaigns impersonating various defense, aerospace, and logistic companies, according to The Record by Recorded Future.

Recorded Future's Insikt Group identified overlaps with a threat actor tracked by other companies as Callisto Group, COLDRIVER, and SEABORGIUM. "TAG-53 infrastructure was uncovered by analyzing specific combinations of domain registrars, autonomous systems, domain name structures, and related TLS certificates," the researchers write.

"Based on this information, it is highly likely that this threat group is continuing its phishing and credential-harvesting operations. While monitoring TAG-53 infrastructure, Insikt Group observed a spoofed Microsoft login page masquerading as a legitimate military weapons and hardware supplier in the US, suggesting that some TAG-53 infrastructure has likely already been operationalized."

Recorded Future isn't sure if the impersonated entities are the specific targets of the operation, but the researchers note that most of these organizations "share a focus around industry verticals that would likely be of interest to Russia-nexus threat groups, especially in light of the war in Ukraine."

"The TAG-53 domain 'drive-globalordnance[.]com' includes a spoofed sign-in page for the legitimate company Global Ordnance, a military weapons and hardware supplier in the US," the researchers write. "The spoofed sign-in page…uses Global Ordnance branding and is suspected to be used for follow-on credential harvesting after a target has been phished.

"It is unclear whether Global Ordnance is the intended target of this attempted credential harvesting operation or whether TAG-53 is using a Global Ordnance styled domain and spoofed sign-in page to masquerade as a legitimate entity to target victims."

Other impersonated entities included Polish defense company UMO Poland, the nonprofit Commission for International Justice and Accountability (CIJA), US-based satellite communications company Blue Sky Network, logistics company DTGruelle, and Russia's Ministry of Internal Affairs.

New-school security awareness training can enable your employees to thwart social engineering attacks. The Record has the story:
https://therecord.media/russian-hacking-group-spoofed-microsoft-login-page-of-us-military-supplier-report/

What KnowBe4 Customers Say

"Thank you for reaching out. Yes, very happy with the product so far. The ease of use is very refreshing. The ASAP outline is spectacular and has made roll out pretty easy.

"We completed baseline testing and sent out SAPA to IT and tech committee members, with plans to roll out SAPA to all employees next week. Everyone I've worked with so far, from Zac and Brittany to support and integration have been top notch as well.

"Thanks for checking in and I wanted to let you know, I intend to expand into NYS Compliance training."

- H.E., Technology Manager


"Good morning Stu, Thank you for checking in. We've had a great experience starting with KnowBe4, and our customer success manager, AudriaJ, has been the best. She has answered our questions, advised us on the most productive way to implement the services, and has a quick follow-up response time."

- T.J., IT Manager


"Hi Mr. Sjouwerman, I must say this is surprising to get an email not from just executive management but the founder and CEO of a company. Anyway, appreciate that and yes sir we are very happy with the product thanks to Andy. He has been keeping up with us as the customer success manager and checking on us every so often. We just got off a call with him today and wanted to make sure this was legit before I replied.

"The product has been a value to our organization but most of all the customer service we get from Andy has been outstanding. Thank you."

- K.K., Director of Platform Engineering and Security

The 10 Interesting News Items This Week
  1. The Professionalization of Ransomware: How Gangs Are Becoming Like Businesses:
    https://lookingglasscyber.com/resources/the-professionalization-of-ransomware/

  2. U.S. banks processed roughly $1.2 billion in ransomware payments in 2021, according to federal report:
    https://www.cnbc.com/2022/11/01/us-banks-process-roughly-1point2-billion-in-ransomware-payments-in-2021.html

  3. Rackspace warns of phishing risks following ransomware attack:
    https://www.bleepingcomputer.com/news/security/rackspace-warns-of-phishing-risks-following-ransomware-attack/

  4. Top Popular Blog Post: Why Social Engineering Works And How To Arm Yourself Against "Human Hacking":
    https://blog.knowbe4.com/why-social-engineering-works-and-how-to-arm-yourself-against-human-hacking

  5. Amnesty International Canada breached by suspected Chinese hackers:
    https://www.bleepingcomputer.com/news/security/amnesty-international-canada-breached-by-suspected-chinese-hackers/

  6. Vice Society: Profiling a Persistent Threat to the Education Sector:
    https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/

  7. CloudSEK claims it was hacked by another cybersecurity firm:
    https://www.bleepingcomputer.com/news/security/cloudsek-claims-it-was-hacked-by-another-cybersecurity-firm/

  8. Automated dark web markets sell corporate email accounts for $2:
    https://www.bleepingcomputer.com/news/security/automated-dark-web-markets-sell-corporate-email-accounts-for-2/

  9. Metaparasites: The cybercriminals who rip each other off:
    https://grahamcluley.com/metaparasites-the-cybercriminals-who-rip-each-other-off/

  10. 2022's Greatest Hacks and Leaks, Ranked:
    https://gizmodo.com/2022-best-hacks-cybersecurity-data-breaches-ranked-1849846600
