CyberheistNews Vol 13 #18 | May 2nd, 2023
[Eye on AI] Does ChatGPT Have Cybersecurity Tells?
Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they're about to bluff, for example, or someone's pupils dilate when they've successfully drawn a winning card.
It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they've become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice's Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is.
"When you ask ChatGPT to do something it's not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: 'As an AI language model, I cannot generate inappropriate or offensive content,' it said. Those two phrases, 'as an AI language model' and 'I cannot generate inappropriate content,' recur so frequently in ChatGPT generated content that they've become memes."
That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they'll grow more persuasive.
One risk of AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming, and in the longer term that training will adapt and keep pace with the threat as it evolves.
Blog post with links:
https://blog.knowbe4.com/chatgpt-cybersecurity-tells
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Executive Reports - You can now create, tailor and deliver advanced executive-level reports
- NEW! Security Culture Benchmarking feature lets you compare your organization's security culture with your peers
- NEW! KnowBe4 Mobile Learner App - Users can now train anytime, anywhere!
- Did you know? You can upload your own SCORM training modules into your account for home workers
- Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes
Find out how 55,000+ organizations have mobilized their end-users as their human firewall.
Date/Time: TOMORROW, Wednesday, May 3, @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/4194769/5203727BEF3186811D42096B28CAA603?partnerref=CHN2
Latest QBot Attacks Use a Mixture of PDF Attachments and Windows Scripting Host Files to Infect Victims
QBot malware seems to be outliving its competitors through innovative new ways to socially engineer victims into helping install it.
Because the "good guys" are constantly updating the way they detect attacks, cybercriminals need to run at an equally fast pace, coming up with new ways to get malware installed on victim endpoints. What determines the longevity of a piece of malware really comes down to whether its authors keep working to stay ahead of security solutions.
This appears to be the case with QBot. Active since 2008, QBot has used a wide variety of tactics over the years, including HTML smuggling, and it continues to be a formidable foe, with its latest iteration combining several tactics.
First, it uses an HTML attachment made to appear as if it's a PDF file. The HTML downloads and opens a PDF that asks the user to click the "OPEN" button to reveal the "protected file."
[CONTINUED] blog post with screenshots and links:
https://blog.knowbe4.com/qbot-attacks-pdfs-windows-scripting-host-files
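A mail-gateway style check for the lure described above, written as an added example for this newsletter (not KnowBe4's code and not taken from the QBot samples): it compares what an attachment's name claims against what its bytes actually are, and looks for the browser-side decoding markers that HTML smuggling relies on. The sample attachments are constructed for the demonstration.

```python
import re
from dataclasses import dataclass, field

PDF_MAGIC = b"%PDF-"
HTML_MARKERS = (b"<!doctype html", b"<html", b"<script", b"<body")
# Script patterns typically used to rebuild a file in the browser and hand it to the user
SMUGGLING_PATTERNS = {
    "atob": re.compile(rb"\batob\s*\("),
    "blob": re.compile(rb"new\s+Blob\s*\("),
    "object_url": re.compile(rb"createObjectURL\s*\("),
    "download_attr": re.compile(rb"\bdownload\s*=", re.IGNORECASE),
    "long_base64": re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}"),
}

@dataclass
class Verdict:
    filename: str
    claimed_type: str    # what the extension says the file is
    detected_type: str   # what the bytes say it is
    mismatch: bool       # named .pdf but actually HTML (or the reverse)
    mimicry: bool        # HTML content with "pdf" in the name, e.g. Invoice.pdf.html
    smuggling_hits: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.mismatch or self.mimicry or len(self.smuggling_hits) >= 2

def claimed_type(filename: str) -> str:
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return {"pdf": "pdf", "html": "html", "htm": "html"}.get(ext, "other")

def detected_type(data: bytes) -> str:
    head = data.lstrip()[:512]
    if head.startswith(PDF_MAGIC):
        return "pdf"
    if any(m in head.lower() for m in HTML_MARKERS):
        return "html"
    return "other"

def inspect_attachment(filename: str, data: bytes) -> Verdict:
    claimed, detected = claimed_type(filename), detected_type(data)
    hits = [n for n, rx in SMUGGLING_PATTERNS.items() if rx.search(data)] if detected == "html" else []
    mismatch = "other" not in (claimed, detected) and claimed != detected
    mimicry = detected == "html" and "pdf" in filename.lower()
    return Verdict(filename, claimed, detected, mismatch, mimicry, hits)

# Constructed samples (not real malware): a minimal benign PDF and an HTML lure that
# decodes an embedded blob and offers it as "protected_file.pdf" on a click
BENIGN_PDF = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n%%EOF"
LURE_HTML = (b"<!DOCTYPE html><html><body><script>"
             b"var b = atob('" + b"QUJD" * 60 + b"');"
             b"var blob = new Blob([b], {type: 'application/pdf'});"
             b"var a = document.createElement('a'); a.href = URL.createObjectURL(blob);"
             b"a.download = 'protected_file.pdf'; a.click();</script></body></html>")
```

Run `inspect_attachment("Invoice.pdf", LURE_HTML).suspicious` to see the lure flagged; the benign PDF passes with no hits.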
A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation
Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they're more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more.
Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, where he'll share a comprehensive strategy for phishing mitigation. With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making sure you're prepared to defend against ever-present IT security threats like phishing.
In this webinar you'll learn:
- How to develop a comprehensive defense-in-depth plan for phishing mitigation
- Ideas for security policies you can implement now
- Technical controls all organizations should consider
- Gotchas to watch out for with cybersecurity insurance
- Why it's critical to develop your organization's human firewall
Get the details you need to know now to protect your organization from phishing and social engineering attacks.
Date/Time: Wednesday, May 10, @ 2:00 PM (ET)
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot!
https://info.knowbe4.com/phishing-mitigation-mc?partnerref=CHN
[Eyes Wide Shut] Fed Powell's Call with Russian Pranksters Exposed as Social Engineering
It was all over the news: the Fed's Jerome Powell was socially engineered by Russian pranksters posing as Zelensky.
According to video footage shown on Russian state television, Federal Reserve Chairman Jerome Powell unwittingly spoke with a duo of Russian pranksters who were pretending to be Ukrainian President Volodymyr Zelensky during a call. Powell provided responses to various questions about topics like inflation and the Russian central bank, believing that he was speaking with Zelensky.
The integrity of the 15-minute footage is uncertain because of the current technical advances in deepfake audio and video technology.
According to a statement from a spokesperson for the Federal Reserve on Thursday, Chair Powell had a friendly conversation in January with an individual who pretended to be the Ukrainian president. The conversation occurred in the context of the Federal Reserve's support for the Ukrainian people during a difficult time. No sensitive or confidential information was exchanged.
A Bloomberg article stated: "The matter has been referred to appropriate law enforcement, and out of respect for their efforts, we won't be commenting further." The fact that they confirmed the call makes you wonder how on earth a prank call like this could get through the security layers at the Fed.
For years, Vladimir Kuznetsov and Alexei Stolyarov, who support President Vladimir Putin, have successfully tricked foreign politicians into speaking with them. In 2018, the UK government stated that they believed the Kremlin was responsible for a hoax call made to the Foreign Secretary at the time, Boris Johnson.
In a previous incident, the two individuals pretended to be Ukrainian President Zelensky and spoke with European Central Bank chief Christine Lagarde. They also impersonated former Ukrainian President Petro Poroshenko and spoke with Germany's former chancellor, Angela Merkel. Merkel seemed suspicious during the call but did not confront the impersonators.
OK, it is clear that we need some high-level security awareness training here. Don't let this happen to your C-level executives!
Blog post with links:
https://blog.knowbe4.com/eyes-wide-shut-fed-powells-call-with-russian-pranksters-exposed-as-social-engineering
Re-Check Your Email Attack Surface Now. (We Are Always Adding New Breaches)
Your users are your largest attack surface. Data breaches are getting larger and more frequent. Cybercriminals are getting smarter every year. Add it all up and your organization's risk skyrockets with the amount of your users' credentials that are exposed.
It's time to re-check your email attack surface.
Find out your current email attack surface now with KnowBe4's Email Exposure Check Pro. EEC Pro identifies your at-risk users by crawling business social media information and now also thousands of breach databases.
EEC Pro leverages one of the largest and most up-to-date breach data sources to help you find even more of your users' compromised accounts that have been exposed in the most recent data breaches - fast.
Get your EEC Pro Report in less than 5 minutes. It's often an eye-opening discovery. You are probably not going to like the results...
Do this complimentary test now!
Get Your Report:
https://info.knowbe4.com/email-exposure-check-pro-chn-2
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: Your KnowBe4 Fresh Content Updates from April 2023:
https://blog.knowbe4.com/knowbe4-content-updates-april-2023?
PPS: Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes:
https://www.infosecurity-magazine.com/news/cyberattacks-civilian/
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-18-eye-on-ai-does-chatgpt-have-cybersecurity-tells
Phishing Attack Frequency Rises Nearly 50% as Some Sectors Increase by as Much as 576%
New data provides a multi-faceted look at the changing face of phishing attacks. This data includes who's being targeted, the tactics being used, and why phishing attacks continue to work.
If 2022 is any indication of what the remainder of this year will hold for organizations fending off cyber attacks, cybersecurity efforts are going to need a whole lot more emphasis.
Zscaler's newly released ThreatLabz 2023 Phishing Report gives a view into attack trends throughout 2022 that provides insight into what we should expect more of this year.
According to the report:
- The number of phishing attacks rose 47% overall
- United States and the U.K. were the top two targeted countries
- Education, finance and government were the top three sectors, with attacks on education skyrocketing 576%
- Microsoft, OneDrive, and Binance were the top three impersonated brands
The growth in phishing needs to be presented in context. Remember, we've seen growth in phishing attacks for a number of years now, so the increase Zscaler highlights is cumulative, year-over-year growth on top of earlier growth. It's why we continue to see phishing as the most common form of cyber attack.
This is also why no cybersecurity defense is complete without including security awareness training to leverage users to protect the organization when security solutions can't.
Blog post with links:
https://blog.knowbe4.com/phishing-attack-frequency-rises?
A New Business Model for Russian KillNet Hacktivists
The Russian Wagner Group has become the most notorious "private military corporation" in the world, heavily engaged in support of Russian military operations in Africa, the Middle East, and, of course, Ukraine. Russia's war in Ukraine has seen the emergence of a range of hacktivist and privateering cyber gangs that have worked effectively as auxiliaries of the Russian security and intelligence services.
The most famous and active of such groups is KillNet, known mostly for distributed denial-of-service and doxing attacks against poorly prepared targets. KillNet has supported itself with voluntary contributions, but that hasn't proved to be as lucrative as they might have wished, so they're moving in a new direction, revenue-wise, and they're seeking to take a page from the Wagner Group.
"Looking, apparently, for a bigger payday, yesterday the Russian cyber auxiliary KillNet announced that they would become Russia's 'Private Military Hacker Company (PMHC),'" the CyberWire reports. "What this means for their operational tempo is unclear, but they promised they would continue DDoS attacks against NATO sites as they pursue their current objective of 'destroying NATO infrastructure.'
"The group says it will now also accept jobs from private individuals and from governments. They will still work to defend Russian interests. They explained in their post that they will no longer be making money from donations and promised sponsorships (and they included an emoji that indicated the sponsorships fell short of expectations)."
KillNet has yet to release any information on pending contracts (either governmental or private) to conduct cyber warfare, and their claims to actually have likely customers should be taken with the proverbial grain of salt. But it's a new development in the threat landscape.
KillNet's forays into disinformation suggest that they might well turn their hand to fraud directed at businesses and individuals. In any case, new-school security awareness training can help your people stay alert and safe online.
The CyberWire has the story:
https://thecyberwire.com/stories/5928f4b47ca643929516331e6638596b/ukraine-at-d427--russian-cyberattacks-and-disinformation-before-ukraines-spring-offensive
What KnowBe4 Customers Say
"Good day, I am the Manager of our Security Operations Center. We recently purchased the PhishER platform to be added to our KnowBe4 suite of tools to assist my team. I wanted to reach out to you both today to recognize the efforts of Sarah M. and Greg Y.
Both team members provided not only phenomenal support and professional service, but they were genuine and a pleasure to talk to and work with. Just as these two probably deal with dozens of customers a month, I deal with my fair share of vendors.
Sarah took a lot of time to not only ensure we got the best resources and fast answers to questions, but she responded accordingly to every hiccup that we ran into through the process of procurement that, as I assume you are more than familiar with, can be challenging. Greg in a similar fashion showed up multiple times as we threw our specific needs and questions for our environment his way.
He worked to ensure our integrations were correct, offered additional guidance for planned future integrations for when we accomplish them and stayed active with our conversations to ensure that even if I was too busy to reach out, that the support was available.
"So in the end, I want to pass my genuine thanks to your team members. Security can be a difficult field to manage. Working with them was clear, concise and a very positive experience."
- M.C., Manager Cyber Security Operations Center
- 5 ways threat actors can use ChatGPT to enhance attacks:
https://www.csoonline.com/article/3694931/5-ways-threat-actors-can-use-chatgpt-to-enhance-attacks.html
- The NSA Is Warning AI Startups: 'China Is Coming For You':
https://www.defenseone.com/technology/2023/04/nsa-warning-ai-startups-china-coming-you/385773/
- One of Putin's Biggest Mistakes Is Finally Catching Up With Him:
https://www.thedailybeast.com/one-of-putins-biggest-mistakes-is-finally-catching-up-with-him
- Security Guru Bruce Schneier Article in the Atlantic: "Just Wait Until Trump Is a Chatbot":
https://www.theatlantic.com/technology/archive/2023/04/ai-generated-political-ads-election-candidate-voter-interaction-transparency/673893/
- Japanese authorities urge caution as phishing cases rise:
https://www3.nhk.or.jp/nhkworld/en/news/20230425_21/
- WSJ Joanna Stern: "I Cloned Myself With AI. She Fooled My Bank and My Family.":
https://www.wsj.com/articles/i-cloned-myself-with-ai-she-fooled-my-bank-and-my-family-356bd1a3
- NSA Cybersecurity Director Says 'Buckle Up' for Generative AI:
https://www.wired.com/story/nsa-rob-joyce-chatgpt-security/
- Indian Scam Call Centers: 'They're coming up with devious ways to take your money':
https://www.theguardian.com/tv-and-radio/2023/apr/28/scam-interceptors-bbc-ethical-hacker
- Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers:
https://www.csoonline.com/article/3694850/iranian-cyberspies-deploy-new-malware-implant-on-microsoft-exchange-servers.html/
- Can Someone With No Programming Experience Write Ransomware Using ChatGPT?:
https://explore.avertium.com/resource/can-someone-with-no-program-experience-write-ransomware-using-chatgpt
- Your Virtual Vaca this week: Gorgeous Coyote Buttes South, Arizona, USA:
https://www.youtube.com/watch?v=lVihoaC4LwA
- Wingsuit soaring to a mountain lake in the Dolomite Mountains:
https://www.youtube.com/watch?v=i3hHo8bjG4c
- Bungee Jumping off New Zealand's Victoria Falls Bridge, 7th Natural Wonder of the World:
https://youtu.be/8qWAa46UtKM
- The Flying Box Illusion by Magic Unlimited. I see a second person in the box, but how do they do it?:
https://www.flixxy.com/flying-box-illusion-by-magic-unlimited.htm?utm_source=4
- 'The Last Question' by Isaac Asimov. He said: "This is by far my favorite story of all those I have written.":
https://users.ece.cmu.edu/~gamvrosi/thelastq.html
- Can you figure out how he does it? It is based on a phenomenon known in mathematics as the 'missing square puzzle.':
https://www.flixxy.com/missing-square-puzzle.htm?utm_source=4
- The World's Most Advanced Police Car Fleets:
https://www.youtube.com/watch?v=TukUMmQCGt4
- Bridge girder erection machine: SLJ900:
https://youtu.be/vKGYs71N72c
- The Failed Plan to Save Venice From Flooding:
https://youtu.be/4hKXOfQ6JmE
- Lockpicking Lawyer: Abus Bike Lock VISUALLY Decoded!:
https://youtu.be/WuBS3xYfrOo
- For Da Kids #1 - Woman Rescues A Baby Shark:
https://youtu.be/wFzSHRPQR38
- For Da Kids #2 - Golden Retrievers Teach Their Puppy Brother To Swim:
https://youtu.be/spcQRd_Z7K4
- For Da Kids #3 - This Baby Goat Is Smaller Than A Cat:
https://youtu.be/wLW3vvUA_NA
- For Da Kids #4 - Wild Mustang Finally Learns To Trust Her New Mom:
https://youtu.be/mq3dKHmjwxc
- For Da Kids #5 - Mom Will Do Anything To Make Her Bull Happy:
https://youtu.be/ZwHL9dh__u4