Network

TikTok Under Scrutiny Again

TikTok is back under scrutiny from cybersecurity professionals and many world governments for the third time in two years. The social media platform rocketed to popularity during the pandemic but has slowly lost market share, falling below Instagram again last year. The latest security concerns and response by government legislation may be the final blow to the Chinese-owned social media platform trying to stay relevant in the US market.

The latest government bans on TikTok include New Zealand, Britain, the European Union, Belgium, and Canada. These countries have banned the app on government-owned devices or devices that can access government databases. The US voted to remove the app from all government-owned devices in December, but a deadline of March 20th was finally set for all removals to be complete. Over half of state governments followed suit and banned the app from state government devices. Both the FBI and FCC have warned that the owner of the social media platform, ByteDance, could share data with the Chinese government. India banned the app in the summer of 2020, the first time the issue came up, which instantly knocked 200 million users off the platform.

World governments have concerns over the app for government employees and citizens. The first is that sensitive data could be accessed on government devices and shared with the Chinese government. The second is location information. The US military was the first group to ban the app in January 2020, and location sharing played a part in that ban. There are also concerns over intelligence gathering of user preferences and demographics that could be used for future misinformation campaigns against citizen populations.

The current bill that could ban the app for US citizens names TikTok specifically, but it includes “…information and communications technology product or service” from six adversarial nations: China, Cuba, Iran, North Korea, Russia, and Venezuela.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts

Sharing Confidential Data with AI

Our previous blog on AI and cybersecurity showed how criminals use AI to help them write and debug malicious code and create more convincing phishing prompts. However, employees are beginning to utilize ChatGPT and other large language models (LLMs) to increase productivity, raising concerns about sensitive business data.

Businesses are beginning to use ChatGPT to write job descriptions, compose interview questions, create PowerPoint presentations, and refine or check code. However, companies are concerned that employees are giving the chatbot proprietary, secure, or customer data, which may open that information up to the public.

Walmart and Amazon warned their employees against sharing confidential information with ChatGPT. Amazon has already said it has seen internal Amazon data as responses on the chatbot, which means their employees entered the data into the tool to check or refine. JPMorgan Chase and Verizon have blocked employee access to ChatGPT, and the owner, OpenAI, changed how the chatbot learns new information last week. Previously ChatGPT was set to train on users’ input information; that service was turned off following privacy concerns.

From a cybersecurity standpoint, it’s challenging to control copied and pasted data if the employee needs the data to do their job. Like many other cybersecurity vulnerabilities, employees may use a chatbot tool to streamline their workflow without considering the security implications.

Cyberhaven Labs tracked the use of ChatGPT across their customer base and published a report. They found that 5.6% of employees tried to use the tool in their workplace, and 2.3% of employees have entered confidential information into ChatGPT since its launch three months ago. The use of the chatbot tool is growing exponentially, and all categories of business data are being shared with the tool. Client data, source code, personally identifiable information (PII), and protected health information (PHI) have all been shared with the tool in a percentage that grows weekly.

Employees should be aware of the cybersecurity ramifications of sharing company data with any external source not approved by the business. ChatGPT's growth in popularity shows how AI will continue to influence business tools for good, but it poses a security risk for business data in its current open state.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

T-Mobile Breach

T-Mobile went through a second significant data breach in late January, but we are only now starting to get details from external cybersecurity experts about the breach and how criminals used the stolen data. New examination of the breach and hacker communications shows criminals were exploiting the vulnerability most of last year to attack individual T-Mobile customers. Hackers used access to T-Mobile employee login credentials to conduct SIM swapping events on encrypted chat forums and target individual users on their mobile network for a low fee.

SIM swapping is a practice used by criminals to gain access to a targeted mobile phone. Hackers can either convince mobile phone carriers to change mobile service to a targeted mobile phone or, in this case, use employee credentials to move the number themselves. SIM swappers then act quickly to use the number to infiltrate sensitive accounts using two-factor authentication.

Three hacker groups claimed they were using T-Mobile employee credentials to enable SIM swaps and attack its customers. Records from encrypted chat logs show criminals offering SIM swapping events from $1000-$1500 per customer for most of 2022. The events started to subside in November and December as T-Mobile gained better control of the issue. This problem also appears to be unique to T-Mobile and does not affect the other two large mobile carriers as often or as easily.

The data breach of 37 million current customers that T-Mobile admitted to in January allowed criminals to target high-profile individuals and pay to have their phone number swapped to a different device for 15 minutes to a couple of days. During that time, criminals use other compromised credentials to log into bank accounts or other personal accounts and steal more information or money with two-factor authentication.

The hackers mostly used voice phishing, meaning they would call T-Mobile employees on the phone, impersonate internal IT employees, and ask the T-Mobile employee to log into a fake security tool to steal the employee credentials. The bigger story of the breach is T-Mobile’s employee access and the lack of a concrete second-factor authenticator like a physical security key.

Posted by Charles Wright in Cybersecurity, Information Security

Calendar Invitation Phishing

Criminals are using calendar invitations to launch phishing attacks and break through email filtering. Over the summer, we saw a new phishing tactic used against the corporate world to steal employees’ login credentials. Criminals used compromised email addresses to send employees meeting invites with malicious links in the body of the invitation disguised as a virtual meeting link. The attack vector has recently worked its way down to individuals at such a rate that Google had to take action last week.

Many phishing attacks use Microsoft documents or PDFs as part of the attack because they will typically make it through email filtering. A calendar invite attack uses a .ICS file for the same reason. Some email clients will even add a calendar invite to a user’s calendar before they respond to the invite. The attacks are even more convincing now that virtual meetings are the norm in the workplace, and employees are regularly invited to unusual virtual meetings.

Like SMS phishing when it first became popular, criminals are weaponizing a business tool that most people interact with daily and trust. Calendar phishing is a new attack vector that users may not know is a threat yet.

The tactic was used extensively in the first part of the year against personal user accounts to the extent that Google took action and added calendar invitations to their list of automatically filtered spam just last week. Users can also change account settings so only calendar invitations from known contacts automatically appear on their calendar. Calendar invitations from unknown users will still appear in the user’s email inbox but will not be added to the calendar without accepting the invitation.

Businesses should educate users on calendar phishing and remind them not to accept or click links in meeting invitations from contacts they do not recognize.
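One way a mail gateway or help desk could triage .ICS attachments for the pattern described above, shown as an added example that is not part of the original post: it unfolds the invitation, checks the organizer against known contacts, and flags links whose host is not an allow-listed meeting provider. The allow-list, the contact list and the sample invitation are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed policy values for illustration; replace with your organization's own.
MEETING_HOSTS = {"zoom.us", "teams.microsoft.com", "meet.google.com"}
KNOWN_CONTACTS = {"alice@example.com"}

URL_RE = re.compile(r"https?://[^\s<>\"\\]+", re.I)
# NAME, optional ;PARAM=value pairs (values may be quoted and contain ':'), then ':' VALUE
LINE_RE = re.compile(r'^([A-Za-z0-9-]+)((?:;[^=;:]+=(?:"[^"]*"|[^;:"])*)*):(.*)$')

def parse_props(ics_text):
    """Yield (NAME, value) pairs after undoing RFC 5545 line folding."""
    unfolded = re.sub(r"\r?\n[ \t]", "", ics_text)
    for line in unfolded.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1).upper(), m.group(3)

def host_allowed(host):
    """True only for an allow-listed host or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in MEETING_HOSTS)

def review_invite(ics_text):
    """Return (finding, detail) tuples for one invitation."""
    findings = []
    for name, value in parse_props(ics_text):
        if name == "ORGANIZER":
            sender = re.sub(r"(?i)^mailto:", "", value).lower()
            if sender not in KNOWN_CONTACTS:
                findings.append(("unknown-organizer", sender))
        elif name in {"DESCRIPTION", "LOCATION", "URL"}:
            for url in URL_RE.findall(value):
                host = urlparse(url).hostname
                if not host_allowed(host):
                    findings.append(("unlisted-link-host", host))
    return findings

# Constructed sample invitation (not real traffic); the first link is folded across two lines.
SAMPLE = (
    "BEGIN:VCALENDAR\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    'ORGANIZER;CN="IT: Help Desk":mailto:helpdesk@unknown.example\r\n'
    "SUMMARY:Mandatory security training\r\n"
    "DESCRIPTION:Join here: https://zoom.us.meeting-login.exa\r\n"
    " mple/j/123\\nBackup link https://zoom.us/j/456\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)
```

The suffix check matters: a host such as `zoom.us.meeting-login.example` begins with a trusted name but belongs to a different domain, so it is flagged while `https://zoom.us/j/456` passes.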

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business