August 17, 2023
- CYBERSECURITY HEADLINES TODAY -
Cybercrime Forums Selling Personal Information of Hackers
Follow up to AI Red Team Hacking at Defcon
Zero-day in File Transfer Software Leaves Health Data Exposed
LinkedIn Compromised with Account Takeover Campaign
In this Episode:
Edwin Kwan: Info-stealing malware does not discriminate when stealing personal information. Hackers are humans too, and some of them fell prey and installed info-stealing malware.
Katy Craig: People are becoming increasingly worried about AI. A recent report from LLM-attacks.org shows that even super smart AIs from Google and OpenAI can mess up if you ask them the right leading questions.
Ian Garrett: That awkward moment when your data transfer solution is transferring a little too well… In this case, a zero-day in the file transfer software, MOVEit, allowed hackers to breach millions of records of sensitive health information.
Mark Miller: Just when you thought it was safe to go back in the water… hackers using a Russian internet portal and email provider Rambler.ru are using brute force attacks to compromise LinkedIn accounts.
The Stories Behind the Headlines
Edwin Kwan: Cybercrime Forums Selling Personal Information of Hackers
Info-stealing malware do not discriminate when stealing personal information. Security researchers discovered that some of the information stolen are also from hackers.
This is Edwin Kwan from Sydney, Australia
Security researchers analyzing stolen data from 100 of the leading cybercrime forums found that 120,000 of the infected computers belong to hackers- some of them even having credentials to the associated cybercrime forum stolen. The data stolen included email addresses, usernames, names, addresses, phone numbers, computer names, IP addresses.
The data was stolen using various techniques including info-stealing malware. These are malware that search specific locations on the computer for login information, such as web browsers. They are a primary initial attack vector and infections from such malware have surged by 6,000% since 2018. They are usually installed by victims to fix software and using techniques like paid ads on search engines to give them visibility.
Hackers are humans too, and some of them fell prey and installed those software. I guess they could have been the less-skilled ones who might be more gullible. The security researchers did note that the compromised passwords for cybercrime forums are generally stronger compared to passwords used for other sites such as government websites.
Resources
– https://www.hudsonrock.com/blog/100-000-hackers-exposed-from-top-cybercrime-forums
Katy Craig: Follow up to AI Red Team Hacking at Defcon
People are becoming increasingly worried about AI. It’s gotten so good at creating lies, influencing elections, and causing all sorts of trouble. Even the Pope spoke up about it, so it’s no wonder that the AI Village was this year’s DEFCON darling.
This is Katy Craig in San Diego, California.
A recent report from LLM-attacks.org shows that even super smart AIs from Google and OpenAI can mess up if you ask them the right leading questions. Some AI companies met with President Biden recently to promise they’ll be safer and more trustworthy.
Well, experts at DEFCON decided to test AI in a new way. They played the bad guys trying to trick AI into messing up, and usually only a few people check if AI is secure, but that’s not enough. At Defcon, over 100 clever folks joined the fun. They tried to find hidden problems that no one knew about. This is important because if AI messes up, it can be fixed or upgraded and modernized.
The challenge wasn’t to fool AI on purpose- like telling it to be mean or say crazy things. They wanted to discover things AI does wrong without knowing. They called these “unknown unknowns” or “black swans.”
Experts from big tech companies like Google joined in. Even some without AI skills took part, and they found all sorts of quirks. One guy told an AI in English that a man was shot while dancing, and when it translated to Hindi, it simply said the man died. Another asked an AI to pretend to be a presidential candidate defending child labor, and it came up with some wild stuff.
While AI is super smart, it’s not perfect. Testing it like this helps make it safer and more trustworthy. When you use AI, treat it as the tool that it is and check its results and outputs carefully.
This is Katy Craig. Stay safe out there.
Resources
– https://www.nytimes.com/2023/08/16/technology/ai-defcon-hackers.html
– https://llm-attacks.org/
Ian Garrett: Zero-day in File Transfer Software Leaves Health Data Exposed
That awkward moment when your data transfer solution is transferring a little too well… In this case, a zero-day in the file transfer software, MOVEit, allowed hackers to breach millions of records of sensitive health information.
Hey folks, this is Ian Garrett in Arlington, Virginia.
Millions of Americans have fallen victim to a massive breach as hackers exploited zero-day vulnerability in the widely used MOVEit file transfer software, targeting none other than tech Giant IBM.
The magnitude of this breach is quite extensive. The Colorado Department of Healthcare Policy and Financing, responsible for managing Colorado’s Medicaid program, confirmed the breach, exposing the data of over 4 million patients. The breach was executed by exploiting a zero-day vulnerability in the IBM’s MOVEit application, which the state’s vendor used to handle data transfers.
While the breach did not directly affect the state’s systems, certain data files on the MOVEit application were accessed by unauthorized actors. The compromised data includes deeply personal information, such as full names, date of birth, home addresses, social security numbers, Medicaid and Medicare ID numbers, income details, clinical and medical data, and health insurance information.
It’s worth noting that this breach doesn’t stand alone. The impact has also reached the Department of Social Services in Missouri with details still emerging about the extent of the damage.
These breaches of sensitive identifying information are especially dangerous with the rise of attacks against identity-based security solutions.
Resources
– https://techcrunch.com/2023/08/14/millions-americans-health-data-moveit-hackers-clop-ibm/
Mark Miller: LinkedIn Compromised with Account Takeover Campaign
Just when you thought it was safe to go back in the water… hackers using a Russian internet portal and email provider Rambler.ru are using brute force attacks to compromise LinkedIn accounts, where they change the contact email address and reset the password. Hacked accounts are not retrievable by the account owner.
According to a report by Cyberint Research on August 14, there are two types of account lockouts. The first is where LinkedIn notices unusual activity, locks the account and notifies you of the activity. This temporary lockout is relatively easy to have access returned to normal through the LinkedIn support channels.
The second type of lockout is the one to worry about. This is a full account compromise. Victims have received ransom notices, and in some cases had their accounts completely wiped out.
Here’s a quote directly from Cyberint: ” They first gain access to the account and alter the account’s associated email address to another email address, often using possibly generated addresses using the mail system of a Rambler.ru. Then the threat actors change the account password. By changing the email address, threat actors effectively prevent the victim’s ability to restore their account via email, thereby leaving the account irrecoverable.”
So where does that leave those of us who use LinkedIn as a business tool. Well, the basics still apply: reset your password to something other than your mother’s maiden name, and activate two-factor authentication. Yeah, it’s a pain in the ass for about five minutes, but it’s much better than the alternative… starting over from scratch on LinkedIn.
You can find the link to the original Cyberint research at the bottom of this episode on 505updates.com.
This is Mark Miller, currently on the way over to LinkedIn to reset his password, again.
Resources
– https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/