CyberheistNews Vol 14 #02 AI Breaks Free: New Insights Into The Latest Chatbot Jailbreak Hack




CyberheistNews Vol 14 #02  |   January 9th, 2024

AI Breaks Free: New Insights Into The Latest Chatbot Jailbreak Hack

Stu Sjouwerman, SACP

Fascinating article at TechXplore. Computer scientists from Singapore's Nanyang Tech University have managed to compromise multiple artificial intelligence (AI) chatbots, including ChatGPT, Google Bard and Microsoft Bing Chat, to produce content that breaches their developers' guidelines—an outcome known as "jailbreaking."

By training a large language model (LLM) on a database of prompts that had already been shown to hack these chatbots successfully, the researchers created an LLM chatbot capable of automatically generating further prompts to jailbreak other chatbots.

After running a series of proof-of-concept tests on LLMs to prove that their technique indeed presents a clear and present threat to them, the researchers reported the issues to the relevant service providers immediately after initiating successful jailbreak attacks.

Blog post with links and a fun video taking this idea to the "next level":
https://blog.knowbe4.com/researchers-use-ai-chatbots-against-themselves-to-jailbreak-each-other

[New Features] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, January 10, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
  • NEW! Content Manager lets you easily customize your training content preferences including branding, adjustable passing score, test out and more
  • NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
  • Executive Reports helps you create, tailor and deliver advanced executive-level reports
  • See the fully automated user provisioning and onboarding

Find out how 65,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, January 10, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/kmsat-demo-1?partnerref=CHN3

Lockbit 3.0 Ransomware Disrupts Christmas Emergency Care at German Hospitals

This confirmed ransomware attack hit three hospitals within a Germany-based hospital network. The extent of the damage remains undetermined, but the attack has stopped parts of operations.

It appears that affiliates of ransomware gangs have forgotten the golden rule — you don't hit hospitals. It's one thing to disrupt operations at a regular brick and mortar business. But hitting a business where someone's life could be literally placed in jeopardy because a system is unavailable? That's downright sub-human.

And this is exactly what happened on Christmas Eve, no less, to three hospitals within the German-based hospital network, Katholische Hospitalvereinigung Ostwestfalen (KHO). According to a Google translation of their announcement of the attack, the attack happened in the early morning, causing all systems to be shut down as a precaution.

While the extent of the damage is unclear, some impact can be inferred from their notes on which services are available. According to the announcement, "Patient care is still guaranteed and the clinic continues to operate with slight technical restrictions, but we have withdrawn from emergency care for safety reasons."

Since Lockbit 3.0 is offered as a service, it's up to the affiliates to use their initial attack vector of choice. With many affiliates simply taking advantage of dark and clear web malicious services such as OLVX, access via compromised credentials remains one of the leading means of initial access….

This puts the onus on organizations to educate their users (via new-school security awareness training) on how to see malicious phishing emails and web-based social engineering for what they really are: the starting point for a cyber attack.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/ransomware-disrupts-multiple-german-hospitals

[NEW WEBINAR] Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them

Navigating the cloud security landscape is no walk in the park. It requires IT professionals like you to not only tackle traditional security threats, such as managing data access and mitigating vendor risks, but also confront virtualization risks and tackle issues unique to the cloud.

With more and more programs and information relying on the cloud, maintaining robust security can feel like an uphill battle. Unsure where to start? We've got you covered!

Join us for this webinar where Roger A. Grimes, Data-Driven Security Evangelist at KnowBe4, will walk you through the ins and outs of cloud security. He'll share:

  • Top threats named by the Cloud Security Alliance to watch out for
  • How to approach your organization's cloud security and threat landscape
  • Real-world examples of cloud security breaches and their ripple effects
  • The risks of vendor-stored user data and strategies to prepare your organization for such threats
  • How to best protect yourself against today's top hacks and vulnerabilities both on and off the cloud

Learn about the most popular and successful threats against cloud environments and what you can do to best protect yourself against them. Plus earn CPE for attending!

Date/Time: Wednesday, January 17, @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot!
https://info.knowbe4.com/guarding-the-cloud?partnerref=CHN

AI-Powered Invoice Fraud: How This Latest Scam Hijacks Your Business Transactions

Resecurity is tracking a cybercriminal gang called "GXC Team" that develops and sells tools to facilitate online banking theft and social engineering attacks. In November, the gang began selling a tool that uses artificial intelligence to craft fraudulent invoices for use in business email compromise (BEC) attacks. The invoices can hijack business transactions by replacing banking information contained in legitimate invoices.

"This tool employs proprietary algorithms to scrutinize compromised emails through POP3/IMAP4 protocols, identifying messages that either mention invoices or include attachments with payment details," the researchers write.

"Upon detection, it alters the banking information of the intended recipient (like the victim's supplier) to details specified by the perpetrator. The altered invoice is then either replaced in the original message or sent to a predetermined list of contacts.

"These methods are commonly employed in wire fraud and well-known bogus invoice scams. Often, accountants and staff in victimized companies do not thoroughly check invoices that appear familiar or nearly genuine, leading to unverified payments."

This tool is the latest in a wide variety of social engineering platforms developed by the threat actor.

"Previously, the 'GXC Team' gained notoriety for creating a wide array of online fraud tools, ranging from compromised payment data checkers to sophisticated phishing and smishing kits," Resecurity says.

"Masterminds In This Illicit Field"

"They have been considered the masterminds in this illicit field, supplying fellow cybercriminals with a suite of ready-to-use tools designed to defraud innocent consumers globally. Additionally, they offer ongoing updates and technical support for conducting fraud. Presently, the tools crafted by the 'GXC Team' are capable of targeting over 300 entities, including top financial institutions, government services, postal services, cryptocurrency platforms, payment networks, and major international online marketplaces."

Blog post with links:
https://blog.knowbe4.com/expose-gxc-team-architect-cybercrime

Do Users Put Your Organization at Risk with Browser-saved Passwords?

Cybercriminals are always looking for easy ways to hack into your network and steal your users' credentials.

Verizon's Data Breach Investigations Report shows that attackers are increasingly successful using a combo of phishing and malware to steal user credentials. In fact, password dumpers, which allow cybercriminals to find and "dump" passwords your users save in web browsers, took the top spot for malware in the Verizon report.

Find out now if browser-saved passwords are putting your organization at risk.

KnowBe4's Browser Password Inspector (BPI) is a complimentary IT security tool that allows you to analyze your organization's risk associated with weak, reused, and old passwords your users save in Chrome, Firefox and Edge web browsers.

BPI checks the passwords found in the browser against active user accounts in your Active Directory. It also uses publicly available password databases to identify weak password threats and reports on affected accounts so you can take action immediately.

With Browser Password Inspector you can:

  • Search and identify any of your users that have browser-saved passwords across multiple machines and whether the same passwords are being used
  • Quickly isolate password security vulnerabilities in the browser and easily identify weak or high-risk passwords being used to access your organization's key business systems
  • Better manage and strengthen your organization's password hygiene policies and security awareness training efforts

Get your results in a few minutes! They might make you feel like the first drop on a roller coaster!

Find Out Now:
https://info.knowbe4.com/browser-password-inspector-chn

Vote for KnowBe4 as the Security Innovator of the Year Award at the Dutch IT Channel Awards!

I have some exciting news to share! KnowBe4 is nominated for the Security Innovator of the Year Award at the Dutch IT Channel Awards. We are thrilled and honored at the recognition, but we need your support to win the title.

If you've got two spare minutes, we'd be incredibly grateful for your support. Your vote can make a big difference, and it only takes a moment.

Thank you in advance for your support! Let's make it happen!

Vote Now:
https://dutchitawards.nl/stemmen/

A Dream Team Security Awareness Training Program?

By Roger A. Grimes

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit from more frequent security awareness training (SAT).

Most organizations do not do enough. Training and testing once a year certainly is not that helpful. How often should you do SAT to get the biggest decrease in cybersecurity risk? At least once a month, if not more. But a sophisticated SAT program includes a combination of methods and tools.

We will share one recommended, "dream team" training and testing schedule here.

Training When Hired

Whenever anyone is hired, they should be provided more extensive SAT. It should cover a bunch of topics, give a lot of examples of popular social engineering and phishing scams, and include some quizzes. This training should be 15-45 minutes long. Then every year, give a long SAT training session, but do not use the same content as before.

The training doesn't have to be on January 1st, and probably shouldn't be, as most organizations are busy preparing for the new year. But most organizations probably do offer/require the longer training in January or the first quarter of each year.

[CONTINUED] Blog post with links:
https://blog.knowbe4.com/dream-team-security-awareness-training


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: I will be delivering the keynote at KB4-CON 2024 March 4-6 in Orlando. Come join me!:
https://knowbe4.cventevents.com/vKbABx?RefId=soclink

PPS: I need your help, I'm super interested to know what your current preferences are related to licensing and pricing models for security software. You may love or hate particular models, and I'm dying to know what you actually like the best. It's four minutes or less. Thanks so much!:
https://www.surveymonkey.com/r/KB4pricing2024

Quotes of the Week  
"It's not supposed to be easy. Anyone who finds it easy is stupid. Knowing that you don't know is more useful than being brilliant."
- Charlie Munger (1924 - 2023)

"Nothing is so difficult as not deceiving oneself."
- Ludwig Wittgenstein (1889 - 1951)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-02-ai-breaks-free-new-insights-into-the-latest-chatbot-jailbreak-hack

Security News

Book Recommendation: The Coming Wave

"The Coming Wave" by Mustafa Suleyman discusses the imminent AI technological revolution and its impact on society. The book explores the concept of "the containment problem," focusing on maintaining control over powerful technologies to prevent catastrophic outcomes. It highlights the dual nature of this tech wave, offering both risks and opportunities at an unprecedented scale.

Suleyman provides a guide for navigating these changes, emphasizing the need for effective management of these technologies to benefit society. The book is recognized for its insightful and authoritative perspective on the future of technology and its societal implications.

Check it out here:
https://www.the-coming-wave.com/

New Research: Phishing Attacks Stole $295 Million In Crypto In 2023

Researchers at Scam Sniffers have found that phishing attacks stole nearly $295 million worth of cryptocurrency from 324,000 victims in 2023, CryptoSlate reports. The cryptocurrency is stolen by malware delivered via phishing sites.

"Wallet Drainers, a type of malware related to cryptocurrency, has achieved significant success over the past year," the researchers write. The code is deployed on phishing websites to trick users into signing malicious transactions, thereby stealing assets from their cryptocurrency wallets.

"These phishing activities continue to attack ordinary users in various forms, leading to significant financial losses for many who unwittingly sign malicious transactions."

The year was marked by several major cryptocurrency thefts enabled by social engineering. "It is worth mentioning that almost $7 million was stolen on March 11 alone," the researchers write. "Most of it was due to fluctuations in USDC rates, as victims encountered phishing websites impersonating Circle. There were also significant thefts close to March 24, when Arbitrum's Discord was hacked and their airdrop date is also near that. Each peak in theft is associated with group-related events. These could be airdrops or hacking incidents."

The researchers tracked six major wallet drainers, each of which pilfered tens of millions of dollars in 2023. "Following ZachXBT's exposure of Monkey Drainer, they announced their departure after being active for 6 months," the researchers write. "Venom then took over most of their clientele.

"Subsequently, MS, Inferno, Angel, and Pink all appeared around March. As Venom stopped services around April, most phishing gangs turned to using other services. The scale and speed have escalated alarmingly. For instance, Monkey drained $16 million over a span of 6 months, while Inferno Drainer outpaced this significantly, looting $81 million in just 9 months. Based on a 20% Drainer fee, they profited at least $47 million from selling wallet drainer services."

Blog post with links:
https://blog.knowbe4.com/attraction-cryptocurrencies-thieves

What KnowBe4 Customers Say

"Hello Stu, I recently introduced KnowBe4's software suite into our company here in the past six months, primarily for security training and phishing purposes, but we have also leveraged it for HR and compliance training. I just wanted to let you know that I could not be more impressed with the ROI that I believe we get from your products!

It has been incredibly easy to implement, understand, and manage, and with the constrained resources we have, it has made our lives better in many ways!

I also wanted to take a minute to separately brag on our Customer Success Manager, Erika B., as she has been incredibly helpful every step of the way! She is knowledgeable, incredibly kind, and quick to answer any questions we might have.

She also knows exactly what to do to make sure we are getting the most out of our product and enhancing our security posture! Kudos to Erika, she is a great asset on your team!

I won't take too much more of your time, but I just wanted to thank you for what your team is doing there, and I look forward to the ways your product will grow and improve! I am a happy customer and new evangelist for KnowBe4's products and look forward to continued success!"

- J.L., CISSP, CGRC Information Security Manager


"Good morning Stu, I was speaking to our CSM Troy C. this morning and he asked me to pass on this information to you. Our school district has had three phish email attacks within six days, related to an email hacking of an area school district!

But thanks to KnowBe4 staff training and the Phish Alert button, my staff alerted me and I was able to PhishRIP them out of mailboxes before anybody clicked on anything. One of the emails was very well done and looked legit.

The staff member said it was because of the KnowBe4 training that she had an uneasy feeling about the email. She knew the sender and contacted her directly. The sender informed her that she had indeed been hacked and it had stemmed from the other school district phish emails. I am SO thankful for KnowBe4 and my awesome diligent coworkers!

Since we purchased PhishER, we have stopped 14 phish email threats in their tracks by staff using their "phish hooks." KnowBe4 is awesome and I have recommended it to all the technology coordinators in the area.

I would also like to put in a positive review for Troy. He has been a great CSM for our school, always responds quickly to my emails, and is a pleasure to work with. He is always cheerful and so helpful. I think we need more Troys in the world.

I hope your 2024 is going smoother than ours so far! Have a great weekend."

- T.B., District Technology Coordinator

The 10 Interesting News Items This Week
  1. 'It's an Arms Race': How We're Already Losing The Battle to Stop Harmful AI Fakes:
    https://themessenger.com/tech/artificial-intelligence-misinformation-deepfakes-video-text-ai-detection

  2. New SEC rules: The murkiness of materiality:
    https://federalnewsnetwork.com/commentary/2024/01/new-sec-rules-the-murkiness-of-materiality/

  3. Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks:
    https://www.securityweek.com/palestinian-hackers-hit-100-israeli-organizations-in-destructive-attacks/

  4. Scammers Selling Twitter (X) Gold Accounts Fueling Disinfo, Phishing:
    https://www.hackread.com/scammers-sell-twitter-x-gold-accounts-phishing-disinfo/

  5. Russian Agents Hack Webcams to Guide Missile Attacks on Kyiv:
    https://www.darkreading.com/ics-ot-security/russian-agents-use-residential-webcams-to-gather-info-for-missile-attack-on-kyiv

  6. [Just Desserts] Nigerian hacker arrested for stealing $7.5M from charities:
    https://www.bleepingcomputer.com/news/security/nigerian-hacker-arrested-for-stealing-75m-from-charities/

  7. Russian hackers infiltrated Ukrainian telecom giant months before cyberattack:
    https://therecord.media/russians-infiltrated-kyivstar-months-before

  8. Why red-teaming is crucial to the success of Biden's executive order on AI:
    https://federalnewsnetwork.com/commentary/2024/01/why-red-teaming-is-crucial-to-the-success-of-bidens-executive-order-on-ai/

  9. The FCC Expands Scope of Data Breach Notification Rules:
    https://www.insideprivacy.com/technology/the-fcc-expands-scope-of-data-breach-notification-rules/

  10. Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day:
    https://www.securityweek.com/chinese-hackers-deliver-malware-to-barracuda-email-security-appliances-via-new-zero-day/
