Phishing


Threat Actors Target Western Digital, Cripple Its My Cloud Service

Undoubtedly, famous public cloud services providers like Amazon, Google, Microsoft, and Western Digital offer a more secure cloud environment than on-premise servers. But what if the hackers target them, locking you out and hampering productivity? Follow this article to learn about the latest attack on Western Digital.

Western Digital recently announced that an unauthorized party breached its network, gaining access to multiple company systems. After discovering the breach, the firm launched an investigation into the incident (which is in the early stages) and informed law enforcement authorities.

Sensitive Information at Risk as a Security Breach Hits US Marshals Service

A major security breach has recently hit the US Marshals Service, putting sensitive information at risk, according to senior law enforcement officials. Learn more about the details of the breach, how it happened, the data at risk, and the steps being taken to address it.

The US Marshals Service was hit by a major security breach this month, with hackers breaking into and stealing data from a computer system that contained personal information about investigative targets and agency employees, as confirmed by a spokesman for the service on Monday.

TELUS Launches Investigation After Potential Data Breach Leaks Source Code and Employee Info

TELUS, the Canadian telecom giant, is investigating a potential data breach after a threat actor leaked what appears to be employee data and source code. TELUS has initiated an investigation in response to the breach to assess the scope of the incident and safeguard its customers and staff from any potential risks. Stay updated with the latest developments on this incident with this article as we share what happened, how it happened, and what TELUS is doing.

Threat Actors Use Namecheap’s Email to Execute MetaMask and DHL Phishing Attacks

The recent security breach and phishing campaign that occurred at Namecheap, a domain registrar, serves as a stark reminder of the persistent and evolving threats posed by cybercriminals. In this post, we will delve into the details of the breach and the phishing campaign and offer some essential tips to help protect against phishing scams.

The web hosting company and domain registrar Namecheap recently suffered a security breach when its email account was hacked. This breach resulted in a phishing campaign that targeted the cryptocurrency wallet MetaMask and the logistics company DHL, intending to obtain personal and cryptocurrency wallet information from susceptible users.

Threat Actors Breach Reddit and Access Internal Documents, Code, and Business Systems

Threat actors managed to infiltrate the popular social media platform Reddit and access internal documents, code, and some internal business systems, highlighting the need for individuals and organizations to take robust measures to safeguard their information. This text shares the details of the attack, what information was accessed, what Reddit is doing, and how to stay protected.

Find Out About the Latest Case of Threat Actors Utilizing Phishing-as-a-Service to Steal $120,000

Threat actors made away with $120,000 from an innocent victim by duping them with a sophisticated scam. This text shares the details of the cyberattack and shows how you can protect yourself.

As technology advances at a dizzying pace, so does the cunning of those seeking to exploit it for their nefarious purposes. One such example of this unfortunate reality can be seen in the recent surge of ‘Phishing-as-a-service’ kits, which provide a turnkey solution for would-be thieves to engage in digital fraud and easily steal sensitive information. This malign development is fueling an alarming uptick in incidents of theft, with victims ranging from individuals to large corporations.

Microsoft Disables Verified Microsoft Partner Network Accounts Used In Malicious Third-Party OAuth App Campaign

The latest online status symbol is getting verified on popular platforms like Instagram, the Apple App Store, or Twitter. Users trust verified accounts more; similarly, third-party OAuth app publishers get verified by Microsoft. However, researchers recently discovered a malicious third-party OAuth app campaign abusing Microsoft’s “verified publisher” status. Read on to learn more about the story.

Microsoft recently disabled many fraudulent, verified MPN (Microsoft Partner Network) accounts for designing malicious OAuth apps that breached business cloud environments to steal emails.

Massive Google Fi Data Breach Opens up Individuals to SIM Swapping Attacks

The Google Fi platform was breached due to one of its unsecured network providers, opening the platform’s customers up to SIM-swapping attacks. This text describes the data breach, how it happened, what data was taken, the details of the SIM swapping attacks, and how to protect yourself against these.

Your private information may be at risk as a massive Google Fi data breach has opened the doors to a dangerous new threat – SIM swapping attacks. Google’s US-only telecommunications and mobile internet service, Google Fi, has informed its customers that one of its private network providers suffered a data breach leading to the exposure of personal data that led to SIM swapping attacks.

Threat Actors Using Malicious OneNote Attachments to Spread Malware via Phishing Emails

Threat actors have switched to a new type of file for their malicious purposes, this time in the form of Microsoft OneNote attachments in emails to deploy information-stealing malware. Join us as we provide an in-depth view into the new attack campaign and how to protect against it.

The growing cybercriminal wave and headlines of novel attack campaigns have a new addition, this time in the form of OneNote attachments. Threat actors have evolved their phishing campaigns and are using OneNote attachments that infect the victim systems with malware to gain remote access for malicious purposes.

PayPal Credential Stuffing Attack: Data of nearly 35,000 Accounts at Risk

Nearly 35,000 PayPal customers were the victims of a credential stuffing attack in which threat actors got access to their personal and financial information. This text shares details about the attack, what actually happened, how PayPal handled the case, what the organization is doing for the affected customers, and how you can protect your PayPal accounts and data.

The Power of ChatGPT: How ChatGPT is Changing the Phishing Game

ChatGPT is changing the phishing game for threat actors who can use it for crafting phishing emails and bypassing MFA. This text shares the power of ChatGPT in the hands of phishing actors, how it can be used for email crafting, and how you can protect yourself from AI-powered phishing.

ML (Machine Learning) models and AI (Artificial Intelligence) chatbot technology have come a long way in recent years, and one of the most advanced models is ChatGPT. Making headlines worldwide with its ability to understand and respond to natural language inputs, ChatGPT is a valuable tool in multiple industries.

However, like two sides of a coin, ChatGPT can significantly impact innocent lives in the hands of threat actors. In this article, we will explore how ChatGPT is changing the phishing game and the potential implications of this technology for both businesses and individuals.

The Emergence of ChatGPT and its Role in Phishing

ChatGPT, OpenAI’s large language model, has brought about significant progress in the field of NLP (Natural Language Processing), with applications ranging from customer service and virtual assistants to phishing detection and prevention. That is ironic, since it can also be used for phishing, letting threat actors target innocent individuals without much effort.

As the technology continues to develop, we can expect to see ChatGPT used in more and more innovative ways, making it a mighty tool for shaping the future. But we can also expect threat actors to use this AI chatbot to overcome the challenges of crafting phishing emails, leading to more sophisticated campaigns. But how exactly does ChatGPT fit with phishing and cyberattacks?

ChatGPT Assisting Phishers in Social Engineering and Email Crafting

Phishing is a common tactic used by cybercriminals to trick individuals into sharing sensitive information, such as login credentials or financial information. However, the phishing game is changing with the emergence of AI chatbot technology like ChatGPT. While ChatGPT can be trained to detect and respond to phishing attempts, making it a valuable asset in the fight against cybercrime, it also removes the challenges that low-level cybercriminals face while crafting phishing emails.

Threat actors, or individuals who engage in phishing attacks, face several challenges when crafting phishing emails. Crafting a successful phishing email is a complex task that requires a significant amount of skill and knowledge.

One of the main challenges is making the email appear as legitimate as possible to increase the likelihood of the recipient falling for the scam or social engineering tactic, which almost always involves creating a sense of urgency or fear in the recipient to prompt them to act quickly without thinking. ChatGPT can take care of this and continually produce phishing email templates for mass phishing campaigns, enabling threat actors to cause all kinds of harm.

For example, when researchers at Hoxhunt were checking how capable the AI chatbot was in crafting phishing emails, they asked it to prepare a BEC (Business Email Compromise) phishing attack impersonating the CEO (Chief Executive Officer) of a defunct organization named Standard Oil. ChatGPT delivered a phishing email with the CEO reaching out to individuals for their immediate attention, informing them of financial restructuring, and asking them to redirect invoices to a new account.

Threat actors can use, and are already using, the AI chatbot to craft malicious phishing emails. Just like RaaS (Ransomware-as-a-Service) models transformed ransomware attacks, enabling threat actors to target more organizations for financial gains, ChatGPT can be a similar catalyst for phishing campaigns that target individuals and enterprise workforces. But how is ChatGPT helping threat actors? Let us see.

How Threat Actors can Utilize ChatGPT for Phishing

ChatGPT has advanced coding capabilities that enable threat actors to carry out malicious activities. However, even when the topic is limited to its writing ability, ChatGPT is impressive and dangerous. Furthermore, since the chatbot improves quickly and offers various ways to write emails that are indistinguishable from the ones that humans write, phishing actors can utilize the AI chatbot and similar platforms to create anything they need to dupe innocent individuals on the Internet, including fake web personas, fake website presence, and more.

Here are two areas where ChatGPT can help attackers:

  1. Translation

ChatGPT supports over 20 languages, including English, Chinese, Korean, and more, but individuals on the Internet have tested nearly 100, and ChatGPT comes through. Now that language is no barrier, any individual could explain to ChatGPT what they need as an output, and it would provide the writing promptly, even if the writing were a phishing email. Even though the AI chatbot is blocked in Russia, individuals and threat actors have found ways to use the chatbot via VPNs (Virtual Private Networks) and foreign numbers.

  2. Bypassing MFA

With the boom of NLP, ChatGPT can convincingly carry on conversations in a human-like manner and can be used to bypass MFA (Multi-Factor Authentication). In the past, threat actors have used SMSRanger, BloodOTPbot, and other similar bots in turbo-charged phishing attacks to automatically follow up credential harvesting attacks, asking the victim for the OTP (One Time Password) code and making a fool of 2FA (Two Factor Authentication).

When threat analysts at Hoxhunt asked the chatbot how it could bypass MFA, it said, “These chatbots can engage with people in a human-like manner and trick them into revealing their personal information or MFA credentials. For example, an attacker may use a chatbot to impersonate a trusted individual or organization and request that the victim provide their password or security token.”

 

Since NLP-enabled and AI chatbots are more intelligent, they can keep up with individuals and move with the flow of the conversation to dupe them out of security codes, helping the threat actor bypass MFA.

 

How to Protect Yourself from Phishing in the age of AI-powered Phishing Campaigns?

The legacy approaches of always being cautious of unsolicited messages and never clicking on links or downloading attachments from unknown or suspicious sources still work, and leveraging anti-phishing tools and software, such as email filters and browser extensions, to detect and block phishing attempts can add a layer of protection. Here are some further tips to protect yourself from phishing in the age of AI-powered phishing campaigns:

  • Offering a simple method for reporting suspicious emails.
  • Scrutinizing web traffic through a secure web gateway to safeguard both on-premises and remote users.
  • Verifying URLs (Uniform Resource Locators) for malicious content or typosquatting.
  • Implementing email security protocols such as DMARC (Domain-based Message Authentication, Reporting, and Conformance), DKIM (DomainKeys Identified Mail), and SPF (Sender Policy Framework) to combat domain spoofing and content tampering.
  • Isolating Word documents and other attachments in a sandbox environment to prevent them from accessing corporate networks.

 

Final Words

AI chatbots like ChatGPT can become powerful tools for threat actors to carry out phishing attacks. They can mimic human behavior and communication patterns to make their phishing attempts more convincing and automate the process to increase their chances of success. That is why it is imperative for organizations to stay informed about the latest phishing tactics and to implement advanced security measures, such as AI-based threat detection and response, to detect and respond to these threats.

Despite the potential risks of ChatGPT, the benefits of ChatGPT in transforming the world and of implementing AI chatbots in security are undeniable, and such chatbots will continue to play an important role in phishing protection in the future.

BitRAT Malware Threat Actors Leveraging Stolen Colombian Cooperative Bank Data in Phishing Campaign

The BitRAT malware was used to target the Colombian Cooperative Bank, where the threat actors made away with records of over 400,000 individuals. The threat actors are using the information from these records for a massive spear phishing campaign. This text sheds light on the event and shares what BitRAT is, the BitRAT Colombian Cooperative Bank breach, an analysis of the latest BitRAT sample, why BitRAT is a grave threat, and how organizations can protect against BitRAT malware.
