Newsletter

open source and cybersecurity news

May 2, 2023

Top 5 Cyberattacks in 2023, Malvertising, Cybereason, ChatGPT Banned

In this Episode:

Episode Transcription:

Pokie Huang:

Hey, it’s 5:05 on Tuesday, May 2nd. 2023. From The Sourced Podcast network in New York city, this is your host Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Katy Craig in San Diego, California, Ian Garrett in Arlington, Virginia, Olimpiu Pop in Transylvania, Romania and Marcel brown in St. Louis, Missouri. 

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney Australia. 

Experts from SANS have shared at the RSA Conference what are the most dangerous forms of cyber attacks for 2023. The first is SEO boosted attacks. This is where attackers use SEO to boost the rankings of their malware laden sites in order to send more victims their way.

Next is Malvertising, where attackers are purchasing ads on search engines to get their malicious sites to the top of the search results. An example was a lookalike campaign for a free piece of 3D graphic software called Blender. The top three ad results for that keyword search were all to malicious lookalike sites. It was not until the fourth result that you get to the legitimate software website. 

Developers as a target is next, as they usually have elevated privileges, across it and business systems and their machines are less locked down than the average user. 

Fourth on the list is offensive users of AI, where attackers will leverage tools like ChatGPT to ramp up their development exploits and zero day discovery. 

 The last is weaponizing AI for social engineering. This is where attackers are expected to dramatically ramp up their use of AI to make social engineering and impersonation attacks seem highly believable.

Katy Craig: 

A Vietnamese threat actor has been able to infect half a million machines via a malvertising campaign launched over the past several months on popular social media platforms. 

This is Katy Craig in San Diego, California. 

Malvertising or malicious advertising is a technique used by cyber criminals to spread malware through seemingly legitimate online advertisements. These ads are often placed on popular websites and social media platforms like Facebook, making them appear trustworthy. However, once clicked these ads can lead to infected sites or initiate drive by downloads, compromising your device and your data. 

But fear not, there are ways to defend against malvertising. Here are three simple tips to help you stay safe. 

1) Keep your software updated. Regularly update your operating system, web browsers and security software to protect against known vulnerabilities and threats. 

2) Use reputable ad blockers. Ad blockers can help prevent malicious ads from being displayed on your device, reducing the risk of accidental clicks.

3) Be cautious with ads. If an ad seems too good to be true or is promoting something that’s not relevant to the site you’re visiting, it might be best to avoid clicking on it. 

While malvertising is a growing concern, awareness and taking the right precautions can significantly reduce your risk. By staying informed and vigilant, we can enjoy our time online without falling prey to these sneaky cyber threats. 

This is Katy Craig. Stay safe out there.

Ian Garrett: 

Tech startups often announced their funding rounds to drum up buzz and to signal momentum and interest in their tech. To the passerby Cybereason’s recent announcement of its a hundred million Series G would seem like another blip in its successful raising history with over $800 million raised to date.

However, this round was accompanied by a change in CEOs as well as a significant rapid valuation, continuing the trend we’re seeing in tech startups in other sectors. 

Hey folks, this is Ian Garrett in Arlington, Virginia. 

In 2021. Cybereason was preparing for an IPO at a $5 billion valuation, but since then has seen a series of unfortunate events.

The co-founder and CEO resigned, hundreds of employees were laid off and the company’s valuation dropped by 90%, falling from $3 billion to between $300 to $400 million. Cybereason’s main investor, SoftBank, which was also hit hard by its investment in WeWork, forced the company to make immediate and massive cuts.

The Israeli Cybersecurity Company was established in 2012 and competes with companies such as CrowdStrike and Sentinel One, offering services such as ransomware protection and prevention of malware attacks. Despite its success in the Japanese market, due to its connection with SoftBank, the economic turmoil of 2022 caught the company off guard leading to overhiring and the need for layoffs.

Although the new CEO of Cybereason claims the value of the company is not important, the future of the company remains uncertain. The postponement of the IPO led to the company raising funding at almost any cost. With the recent 100 million round, adjusting to the new multipliers, of single digits on revenue. And worse, if SoftBank believes that cyber reason has no future, a sale at a loss could mark the end of the once star cyber company.

It’s worth considering if this is the case of a company that tried to scale too quickly or if it’s an indicator and a greater trend within cybersecurity,

Olimpiu Pop: 

Like many others, I really enjoy being in Italy. Who doesn’t like pizza and pasta? Italy is the perfect balance between technological evolution and tradition. So how does Italy ride the AI wave

For the time being, it doesn’t. After Italy’s data protection, watchdog accused OpenAI of breaching data privacy rules, the country joined China, Iran, North Korea, and Russia in restricting access to ChatGPT. 

Yes, that’s a great list to be on. And because Europeans stick together, especially against innovation, the European consumer organization, called on all authorities to investigate all major AI chatbots.

In the words of the organization’s Deputy Director Ursula Pachl. “I think this incident with ChatGPT is very important. It’s kind of a wake up call for the European Union because even though European institutions have been working on an AI act, it’ll not be applicable for another four years. And we have seen how fast these source of systems are developing .”

After this call to arms, Ireland, the UK and France starting looking closer too. That’s ironic as France legalized AI surveillance for the 2024 Parisian Olympic Games.

The rest of the EU shouldn’t worry though. The EU AI Act is coming. Already two years in the making, we might leave it as an inheritance to our children. 

This was Olimpiu Pop reporting from Transylvania, Romania.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, bringing you your technology history for May 2nd. 

May 2nd, 1983. Microsoft introduces the Microsoft mouse for IBM and IBM compatible PCs. The mouse featured two green buttons and is available by itself, or will later be bundled with the new Microsoft Word software, which Microsoft would release in September of that year. 

Because of the green buttons, the mouse was nicknamed the Green Eyed Mouse, which may have been a fitting name given its similarity to the Shakespearean phrase, Green Eyed Monster to describe jealousy. It was no secret. Bill Gates was very envious of what Apple was creating with the Lisa and later Macintosh computers and their mouse driven interfaces.

 Microsoft will manufacture nearly 100,000 units of this first mouse, but will only sell 5,000. before introducing the second more popular version in 1985. Microsoft would go on to create a very successful line of mice and other computing peripherals over the years. But almost ironically, Microsoft announced in April of 2023, nearly 40 years later, that they would end the production of Microsoft branded peripherals and focus on their surface branded peripherals.

This came months after Microsoft announced a 30% year over year drop in revenue from devices, cut 10,000 jobs and announced changes to their hardware portfolio. 

May 2nd, 1991. Microsoft registers the microsoft.com domain name. For such a major technology company. Notably, this was over six years after the domain name system was created, and the first domain name registered, and over four years after competitor Apple registered apple.com. 

I guess it was no surprise that it took Microsoft another four years to recognize the growing importance of the “internet tidal wave”, about a year after the worldwide web was already gaining mainstream popularity and most of the rest of the technology industry were already on board. 

That is your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Katy Craig, Ian Garrett, Olimpiu Pop and Marcel Brown for today’s contributions. 

The Executive Producer is Mark Miller. The editor and the sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.

Contributors:

Comments:

Leave the first comment

Newsletter