Data Breach

Sharing Confidential Data with AI

Our previous blog on AI and cybersecurity showed how criminals use AI to help them write and debug malicious code and create more convincing phishing prompts. However, employees are beginning to utilize ChatGPT and other large language models (LLMs) to increase productivity, raising concerns about sensitive business data.

Businesses are beginning to use ChatGPT to write job descriptions, compose interview questions, create PowerPoint presentations, and refine or check code. However, companies are concerned that employees are giving the chatbot proprietary, secure, or customer data, which may open that information up to the public.

Walmart and Amazon warned their employees against sharing confidential information with ChatGPT. Amazon has already said it has seen internal Amazon data as responses on the chatbot, which means their employees entered the data into the tool to check or refine. JPMorgan Chase and Verizon have blocked employee access to ChatGPT, and the owner, OpenAI, changed how the chatbot learns new information last week. Previously ChatGPT was set to train on users’ input information; that service was turned off following privacy concerns.

From a cybersecurity standpoint, it’s challenging to control copied and pasted data if the employee needs the data to do their job. Like many other cybersecurity vulnerabilities, employees may use a chatbot tool to streamline their workflow without considering the security implications.

Cyberhaven Labs tracked the use of ChatGPT across their customer base and published a report. They found that 5.6% of employees tried to use the tool in their workplace, and 2.3% of employees have entered confidential information into ChatGPT since its launch three months ago. The use of the chatbot tool is growing exponentially, and all categories of business data are being shared with the tool. Client data, source code, personally identifiable information (PII), and protected health information (PHI) have all been shared with the tool in a percentage that grows weekly.

Employees should be aware of the cybersecurity ramifications of sharing company data with any external source not approved by the business. ChatGPT's growth in popularity shows how AI will continue to influence business tools for good, but it poses a security risk for business data in its current open state.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

T-Mobile Breach

T-Mobile went through a second significant data breach in late January, but we are only just now starting to get details from external cybersecurity experts about the breach and how criminals used the stolen data. New examination of the breach and hacker communications shows criminals were exploiting the vulnerability most of last year to attack individual T-Mobile customers. Hackers used access to T-Mobile employee login credentials to offer SIM swapping events on encrypted chat forums, targeting individual users on the mobile network for a low fee.

SIM swapping is a practice used by criminals to gain access to a targeted mobile phone. Hackers can either convince mobile phone carriers to change mobile service to a targeted mobile phone or, in this case, use employee credentials to move the number themselves. SIM swappers then act quickly to use the number to infiltrate sensitive accounts using two-factor authentication.

Three hacker groups claimed they were using T-Mobile employee credentials to enable SIM swaps and attack its customers. Records from encrypted chat logs show criminals offering SIM swapping events from $1000-$1500 per customer for most of 2022. The events started to subside in November and December as T-Mobile gained better control of the issue. This problem also appears to be unique to T-Mobile and does not affect the other two large mobile carriers as often or as easily.

The data breach T-Mobile admitted to in January of 37 million current customers allowed criminals to target high-profile individuals and pay to have their phone number swapped to a different device for 15 minutes to a couple of days. During that time, criminals use other compromised credentials to log into bank accounts or other personal accounts and steal more information or money with two-factor authentication.

The hackers mostly used voice phishing, meaning they would call T-Mobile employees on the phone, impersonate internal IT employees, and ask the T-Mobile employee to log into a fake security tool to steal the employee credentials. The bigger story of the breach is T-Mobile’s employee access and the lack of a concrete second-factor authenticator like a physical security key.

Posted by Charles Wright in Cybersecurity, Information Security

Calendar Invitation Phishing

Criminals are using calendar invitations to launch phishing attacks and break through email filtering. Over the summer, we saw a new phishing tactic used against the corporate world to steal employees’ login credentials. Criminals used compromised email addresses to send employees meeting invites with malicious links in the body of the invitation disguised as a virtual meeting link. The attack vector has recently worked its way down to individuals at such a rate that Google had to take action last week.

Many phishing attacks use Microsoft documents or PDFs as part of the attack because they will typically make it through email filtering. A calendar invite attack uses a .ICS file for the same reason. Some email clients will even add a calendar invite to a user’s calendar before they respond to the invite. The attacks are even more convincing now that virtual meetings are the norm in the workplace, and employees are regularly invited to unusual virtual meetings.

Like SMS phishing when it first became popular, criminals are weaponizing a business tool that most people interact with daily and trust. Calendar phishing is a new attack vector that users may not know is a threat yet.

The tactic was used extensively in the first part of the year against personal user accounts to the extent that Google took action and added calendar invitations to their list of automatically filtered spam just last week. Users can also change account settings so only calendar invitations from known contacts automatically appear on their calendar. Calendar invitations from unknown users will still appear in the user’s email inbox but will not be added to the calendar without accepting the invitation.

Businesses should educate users on calendar phishing and remind them not to accept or click links in meeting invitations from contacts they do not recognize.
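The filtering idea above can be sketched as a check a mail gateway or help desk script runs on an .ICS attachment before it lands on a calendar. This is an added example, not code from the original post: the sample invite, the `triageInvite` function, the contact list and the approved meeting host are all constructed assumptions.

```javascript
// Constructed sample invite: every address and host below is made up.
const SAMPLE_ICS = [
  'BEGIN:VCALENDAR', 'METHOD:REQUEST', 'BEGIN:VEVENT',
  'ORGANIZER;CN="Helpdesk: IT":mailto:helpdesk@unknown-sender.test',
  'DESCRIPTION:Join here: https://meet.login-portal.te',
  ' st/join?id=123\\nPlease sign in first.',
  'LOCATION:https://meetings.corp.example/j/000000',
  'END:VEVENT', 'END:VCALENDAR',
].join('\r\n');

// RFC 5545 folding: a line break followed by a space or tab continues the previous line.
function unfold(ics) {
  return ics.replace(/\r?\n[ \t]/g, '').split(/\r?\n/);
}

// Split "NAME;PARAM=x:value" at the first colon that is not inside a quoted parameter.
function parseLine(line) {
  let quoted = false;
  for (let i = 0; i < line.length; i++) {
    if (line[i] === '"') quoted = !quoted;
    else if (line[i] === ':' && !quoted) {
      return { name: line.slice(0, i).split(';')[0].toUpperCase(), value: line.slice(i + 1) };
    }
  }
  return null;
}

// Hold the invite for review if the organizer is not a known contact or if any
// link points somewhere other than an approved meeting host.
function triageInvite(ics, knownContacts, meetingHosts) {
  let organizer = null;
  const hosts = [];
  for (const p of unfold(ics).map(parseLine)) {
    if (!p) continue;
    if (p.name === 'ORGANIZER') organizer = p.value.replace(/^mailto:/i, '').toLowerCase();
    if (!['DESCRIPTION', 'LOCATION', 'URL'].includes(p.name)) continue;
    const text = p.value.replace(/\\n/gi, ' ').replace(/\\([,;\\])/g, '$1'); // undo text escapes
    for (const u of text.match(/https?:\/\/[^\s<>"]+/gi) || []) {
      try { hosts.push(new URL(u).hostname.toLowerCase()); } catch { /* skip malformed URL */ }
    }
  }
  const unknownOrganizer = !organizer || !knownContacts.has(organizer);
  const unexpectedHosts = hosts.filter(
    (h) => !meetingHosts.some((ok) => h === ok || h.endsWith('.' + ok)));
  return { organizer, unknownOrganizer, unexpectedHosts,
           hold: unknownOrganizer || unexpectedHosts.length > 0 };
}
```

Unfolding before scanning matters: the link in the sample is split across two physical lines, so a scanner that reads the file line by line would miss the host.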

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Passkey is Evolving

A new survey showed users continue to choose easily guessable passwords even with the threat of account compromise. A study from NordPass showed 2022 was no different, with ‘Password’ at the top of the list, followed by a series of numbers and combinations of the two. Even with media attention to cybersecurity over the past few years, password habits are getting worse instead of better. The average consumer has around 100 passwords today, so it’s understandable why people reuse and use easily guessable passwords, but it doesn’t lower the threat of compromise.

Passkeys are a new technology that drastically reduces human error by taking the user-selectable password out of the equation. Passkeys use external devices, like smartphones, to approve login to an account with no password required to complete the authentication. The exchange uses biometrics like facial recognition or fingerprints at the user interface level to approve the authentication.

Passkeys work on a system of key pairs, one public and one held privately, on the user’s device. The two keys are mathematically linked to one another, so when a user tries to access an account, their device responds with the answer to the math problem. Since you need both pieces of the math puzzle to open the account, authentication can only be made with the selected device. However, all of this occurs in the background. The user only sees a prompt for a fingerprint or facial recognition scan.

Passkeys are also much more phishing resistant than traditional passwords because the authentication request is directed at an individual. Traditional passwords are susceptible to hacking because once the password is compromised, the criminal can log into the account anywhere in the world at any time. Multi-factor authentication helps to control this issue, but last year we saw ransomware groups bypass MFA and advertise their service to anyone looking to pay.
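The key-pair exchange and the phishing resistance described above can be seen in a simplified model of a passkey login. This is an added example, not code from the original post: it is not the real WebAuthn message format, and the function names and origins are constructed. It goes one step past the text by signing the site's origin along with the challenge, which is how WebAuthn ties a response to the site that asked for it.

```javascript
const crypto = require('crypto');

// Registration: the device creates a key pair; the site stores only the public key.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Device side: once the fingerprint or face check passes, sign the server's
// challenge together with the origin the browser is actually connected to.
function deviceSign(device, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  return { clientData, signature: crypto.sign(null, Buffer.from(clientData), device.privateKey) };
}

// Server side: accept only if the signature, challenge and origin all check out.
function serverVerify(serverRecord, expectedChallenge, expectedOrigin, assertion) {
  const data = Buffer.from(assertion.clientData);
  if (!crypto.verify(null, data, serverRecord.publicKey, assertion.signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge) return 'stale-challenge';
  if (origin !== expectedOrigin) return 'wrong-origin';
  return 'ok';
}

function demo() {
  const site = 'https://shop.example';           // constructed origin
  const lookalike = 'https://shop-example.test'; // constructed look-alike origin
  const { device, serverRecord } = registerPasskey();
  const newChallenge = () => crypto.randomBytes(32).toString('hex');
  const c1 = newChallenge();

  const good = serverVerify(serverRecord, c1, site, deviceSign(device, c1, site));
  // A response produced on the look-alike page carries that page's origin, so the real site rejects it.
  const phished = serverVerify(serverRecord, c1, site, deviceSign(device, c1, lookalike));
  // An old response cannot be reused: every login attempt gets a fresh challenge.
  const replayed = serverVerify(serverRecord, newChallenge(), site, deviceSign(device, c1, site));
  // A different device's private key cannot answer for this account.
  const wrongKey = serverVerify(serverRecord, c1, site, deviceSign(registerPasskey().device, c1, site));
  return { good, phished, replayed, wrongKey };
}
```

The server never holds anything worth stealing for login purposes: a breach of `serverRecord` exposes only public keys.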

Apple, Microsoft, and Google are leading the charge to a passwordless world, and sites like eBay, PayPal, and WordPress already support the technology.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business