Tag: create | SpinSafe

An AI Chatbot May Have Helped Create This Malware Attack

April 10, 2024/in Computer Security

A hacking group has been spotted possibly using an AI program such as ChatGPT, Google’s Gemini, or Microsoft Copilot to help refine a malware attack.

Security firm Proofpoint today published a report about the group, dubbed “TA547,” sending phishing emails to businesses in Germany. The emails are designed to deliver the Windows-based Rhadamanthys malware, which has been around for several years. But perhaps the most interesting part of the attack is that it uses a PowerShell script that contains signs it was created with an AI-based large language model (LLM).

Hackers often exploit PowerShell since it’s a powerful tool in Windows that can be abused to automate and execute tasks. In this case, the phishing email contains a password-protected ZIP file, that when opened, will run the hacker-created PowerShell script to decode and install Rhadamanthys malware on the victim’s computer.

While investigating the attacks, Proofpoint researchers examined the PowerShell script and found “interesting characteristics not commonly observed in code used” by human hackers, the company wrote in a blog post.

What stuck out was the presence of the pound sign #, which can be used in PowerShell to make single line comments explaining the purpose of a line of computer code

Image of the powershell script code

(Credit: Proofpoint)

“The PowerShell script included a pound sign followed by grammatically correct and hyper specific comments above each component of the script. This is a typical output of LLM-generated coding content, and suggests TA547 used some type of LLM-enabled tool to write (or rewrite) the PowerShell, or copied the script from another source that had used it,” Proofpoint says.

Indeed, if you ask ChatGPT, Copilot, or Gemini to create a similar PowerShell script, they’ll respond in the same format, placing pound symbols along with an explanation. In contrast, a human hacker would probably avoid such comments, especially since their goal is to disguise their techniques.

Recommended by Our Editors

ChatGPT placing the pound symbols

(Credit: ChatGPT)

Still, Proofpoint can’t definitively say TA547 created the PowerShell script with the help of an AI chatbot. Nevertheless, the case illustrates how cybercriminals can harness…

Source…

Teams, Slack, and GitHub, oh my! – How collaborative tools can create a security nightmare

March 25, 2024/in Internet Security

When building Teams security, first determine the level of risk your organization is willing to accept. For example, do you want Teams to be open to anonymous users or limit it strictly to internal users?

To adjust this setting, perform the following steps:

If you decide that guest access is to be allowed on your network, you need to be aware of the potential for Teams to be used as a means for attack. You can improve security by deploying more phishing-resistant authentication methods, such as number matching, rather than merely allowing automatic approval of the prompt.

Next, consider implementing Conditional Access rules. This requires additional licensing to implement but may be wise, as attackers turn more and more to using the cloud as a launching point for attacks.

Conditional access rules will allow you to restrict Microsoft 365 logins by using stronger authentication techniques as well as increasing the various strengths of built-in authentication: Multifactor authentication strength, Passwordless MFA strength, and Phishing-resistant MFA strength.

You may decide to limit your Teams interactions to approved domains rather than leaving it open to new and anonymous users. And of course, educating end users only to accept files from trusted partners is crucial.

Source…

This hacker used over a million virtual servers to create an incredibly powerful network – but then wasted it on mining crypto

January 15, 2024/in Computer Security

Ukrainian police have arrested a hacker who allegedly used compromised servers belonging to an American company to secretly mine cryptocurrencies.

The Ukrainian cyberpolice revealed the individual was able to create a million virtual servers on which he proceeded to install cryptojackers – cryptocurrency miners that try to operate in the background and without the knowledge or consent of the endpoint’s owners.

The individual, an unnamed 29-year-old man, had been allegedly active since 2021. He first brute-forced his way into 1,500 accounts of a subsidiary of “one of the world’s largest ecommerce companies” – although the name of the affected company was not disclosed.

Causing damage

After brute-forcing his way into the devices, the criminal created a million virtual computers and installed the cryptocurrency miners. Everything he managed to mine, he moved using the TON wallet. The police claim the volume of the transactions amounted to approximately $2 million.

The hacker was arrested on January 9, during which the police confiscated computer equipment, bank and SIM Cards, electronic media, and other evidence. He is now facing criminal charges.

To successfully mine cryptocurrencies, a person would need a high-end computer and an internet connection. Mining the tokens is a compute-heavy operation, which makes the computer practically useless for anything else. Furthermore, the operation uses a lot of electricity, too, racking up the energy bill quickly.

That’s why hackers often try to compromise corporate servers – they’re powerful devices that can mine plenty of coins, while leaving the headache of the electricity bill to someone else.

Furthermore, while the servers are too occupied mining the coins, they are too slow to be used for their original purpose, which increases the expenses for the victim company even further. Those are just some of the reasons why some analysts claim that for every $1 of cryptocurrency mined, the victim suffers roughly $53 in damages.

Hackers usually use cryptojackers to mine Monero (XMR), a privacy-oriented coin which, allegedly, is practically untraceable. XMRig is one of the most popular cryptominers out there.

Via:

Source…

DARPA is hosting a Black Hat contest to create cyber-security AI models

August 11, 2023/in Computer Security

Forward-looking: The Black Hat Def Con conference portrays itself as an internationally recognized cybersecurity event showcasing the most “technical and relevant” information security research in the business. For the next two years, the event will host a DARPA-funded contest to put AI algorithms to work on the increasingly pressing software security problem.

DARPA’s Artificial Intelligence Cyber Challenge (AIxCC) is a two-year competition for the “best and brightest” minds in the AI field, the contest’s official site explains. The Pentagon’s research agency wants companies and experts to create novel AI systems; machine learning models designed to secure the critical software code that runs beneath financial systems, public utilities and other digital infrastructures enabling modern life.

Software runs everything these days, DARPA states, which unfortunately provides an “expanding” attack surface for cyber-criminals and other malicious actors. The new AI capabilities developed during the past decade have shown “significant potential” to help address key societal challenges like cybersecurity, the US agency says. AIxCC will reward people and organizations that can actualize this theoretical potential.

DARPA says it will award a cumulative $18.5 million in prizes to the teams with the best AI systems. An additional $7 million will be awarded to small business ventures taking part in the contest. With AIxCC, the US military is seeking the development of ML models capable of identifying, and maybe fixing, dangerous security flaws within critical software projects.

DARPA will work with “leading” AI companies Anthropic, Google, Microsoft, and OpenAI to give AIxCC competitors access to the most advanced technology and expertise. With their help, contestants will likely increase their chances of developing a true “state-of-the-art” cybersecurity system infused with AI algorithms. The Open Source Foundation will contribute as well, as most modern software needing protection is based on open-source code projects.

The AIxCC challenge has already started during this year’s Def Con conference held in Las Vegas. AI teams will compete in a series of preliminary trials during 2024, with the…

Source…

Tag Archive for: create

Recommended by Our Editors