ChatGPT used in crypto botnet
We’ve seen threat actors starting to explore uses for generative AI. Now researchers at Indiana University Bloomington have discovered a new use case: running a botnet. This saw the attackers operate over 1100 accounts on the social network X tied to a crypto fraud scheme, with many using text from ChatGPT to create content and replies. Professor Filippo Menczer said they discovered the botnet due to the laziness of the operators, who left in many of the contextual warnings ChatGPT produces when answering on sensitive subjects. This saw some content prefaced by “as an AI language model …”, kind of a dead giveaway. The researcher said this represented low-hanging fruit, and that threat actors of even modest sophistication could likely pull off a campaign much more convincingly.
Brits tipping off ransomware targets
The Record’s Alexander Martin profiled the UK’s Early Warning system, operated by the UK’s National Cyber Security Centre. This provides tips to organizations being targeted by ransomware groups. Over the last three months, Early Warning provided tips to one organization over three days, although this only represents about 2% of detected events. This combines signals gathered by UK intelligence agencies with public, commercial, and other inputs to early stage targets. UK officials say it set up Early Warning as an opt-in service because alerting organizations remains challenging. For those not enrolled, finding points of contact remains challenging, as does convincing organizations the notification isn’t a scam itself.
Tesla data breach caused by insiders
This comes from a data breach notice filed with Maine’s attorney general. An investigation by the EV maker found that two former employees leaked data on over 75,000 employees to the German newspaper Handelsblatt. This included names, employment records, and Social Security numbers, reportedly including CEO Elon Musk’s. The publication told Tesla it wouldn’t publish any personally identifiable information. Tesla filed two lawsuits against the former employees who allegedly leaked the data.
Malware turns PCs into proxy servers
Researchers at AT&T Alien Labs discovered a threat actor running a proxy service with over 400,000 exit nodes. While the service claims to get user consent to install these nodes, the researchers found signs that malware silently set up the nodes on infected Windows and macOS PCs. Written in Go for easy cross-compiling, the malware also uses a valid digital signature to allow for installation on the more locked-down macOS. Aside from setting up the proxy exit node, the malware also installs adware and uploads further system information.
Seiko wishes it could turn back time after ransomware attack
The ALPHV ransomware organization listed the iconic Japanese watchmaker on its victim site, claiming a successful cyberattack earlier this month. The company disclosed a data breach to regulators on August 10th, saying it detected access on July 28th. No word from Seiko on what data the attackers accessed. ALPHV’s leak site claims to have production plans, technical schematics, employee passport data, and release dates on new models. Interestingly, researchers at Curated Intel told BleepingComputer that on July 27th they spotted an initial access broker selling access to a Japanese manufacturing company that seemed to match Seiko’s profile.
Hacker claims Bolsonaro asked to attack voting system
At a congressional hearing, Brazilian hacker Walter Delgatti Neto claimed that he met with then-President Jair Bolsonaro ahead of the country’s 2022 election and that Bolsonaro asked him to access Brazil’s electronic voting system. This was reportedly part of an effort to undermine the credibility of the voting system. When told that the system didn’t connect online and wasn’t vulnerable to a network attack, the President’s campaign asked him to alter a voting machine to make it appear compromised. Delgatti did not furnish any evidence for these claims. Bolsonaro’s lawyers denied his allegation, although they did confirm the two men met.
UK government wants more Cyber Explorers
In February 2022, the UK launched Cyber Explorers, a free program to introduce cybersecurity concepts to 11- to 14-year-olds. The UK government renewed calls for schools to sign up for the program in an attempt to build out a cybersecurity skills pipeline. Roughly 2000 schools have already signed up for Cyber Explorers. Earlier this summer, a UK report found that 51% of businesses lacked basic cybersecurity skills.
More funding on the way for rural broadband
White House infrastructure coordinator Mitch Landrieu announced the government allotted roughly $667 million in grants and loans to build out broadband infrastructure in the rural US. This marks the fourth phase of funding for the program, called ReConnect by the U.S. Department of Agriculture. It will see 37 new recipients get funding. Alaskan providers will receive 15% of these funds, the most of any of the 23 states and territories included in the latest round. These will be used to ensure customers get access to broadband speeds of up to 100 megabits per second up and down.