Security Breach – 1 Sep 2023

ChatGPT antiphishing defence.

Security Breach – 1 Sep 2023

The modern cybercriminal is extremely inventive in their approach to disrupting a business’s operations. They have access to a variety of resources that help them execute cyberattacks, and that list grows daily as technology evolves. They were already successful in scamming 92% of organisations across the globe in 2023 using sophisticated techniques like creative phishing emails, spoofing and fraudulent websites. Some even fell victim to phishing and social media fraud as well. Now bad actors have a new addition to their arsenal: ChatGPT phishing powered by artificial intelligence (AI).

Recently, AI-based technology has gained a lot of traction. AI-enabled tools and technologies can reduce workloads and eliminate mundane tasks, making them highly desirable for everyone. ChatGPT, for instance, is a large language model (LLM) that has helped millions of people maximise efficiency and easily achieve their goals. Unfortunately, it has also helped cybercriminals launch attacks using new techniques like ChatGPT phishing.

On the flip side, as with many innovations built to better humankind’s way of life, some discover how something inherently designed for good can be leveraged for personal or malicious agendas. Cybercriminals also find AI-enabled tools very successful, and they’re using them to launch even more sophisticated, hard-to-detect cyberattacks. This change adds a new wrinkle to securing a business from cyberattacks.

Recent Breaches

 

Australia – Pareto Phone – Telemarketing Firm

Exploit: Hacking

Risk to Business: Extreme: Many charities that used Pareto Phone for some of their fundraising efforts are finding out that their donors may have had data exposed after the company admitted to a data breach. Some of the charities impacted include The Cancer Council, Canteen, Australian Conservation Foundation and Fred Hollows Foundation. Some of the charities are saying that Pareto retained their donors’ information without their knowledge, including information that was up to nine years old. That donor information has now been released on the dark web. Canteen said that its donors’ full names, date of birth, addresses, email addresses and phone numbers had been released, but not financial information.  More than 70 charities may have been impacted in the incident.  

Japan – Seiko – Watchmaker

Exploit: Ransomware

Risk to Business: Severe: The BlackCat/ALPHV ransomware gang has claimed responsibility for a ransomware attack on renowned Japanese watchmaker Seiko. The company disclosed on August 10 that an unauthorised party had gained access to its network. BlackCat has begun posting samples of the stolen data including production plans, employee passport scans, new model release plans, specialised lab test results, technical schematics and Seiko watch designs. Seiko said that it has commissioned a team of external cybersecurity experts to investigate the incident and apologised to its customers.

Talk to a TCT team member today about implementing cyber security and phishing training plan for your employees.

Robert Brown
1/09/2023

Related Articles:
Vulnerability Management
8 Reasons every company is now a technology company