Tag Archive for: Avoid

Malware Taps Generative AI to Rewrite Code, Avoid Detection


Mikko Hypponen Talks GPT-Enhanced Malware, Russian Cyber Operations and More

Mikko Hyppönen, chief research officer, WithSecure

Finnish cybersecurity expert Mikko Hyppönen recently received an email he wasn’t expecting: A malware developer sent him a copy of “LL Morpher,” a brand-new virus he’d written, which uses OpenAI’s GPT large language models.

“It’s the first malware we’ve ever seen which uses GPT to rewrite its code,” said Hyppönen, who is chief research officer at WithSecure, of the worm, which is written in Python and designed to infect Python files on a victim’s system. Instead of copying its own functions into the infected file, the malware uses an API key to call GPT and gives it English-language instructions describing the malicious functionality it wants created.


“It calls GPT to write the code for it, which means every time it’s different, and it will be trivial to modify to write it in any other language,” Hyppönen said. “The whole AI thing right now feels exciting and scary at the same time.”


Thus far, this piece of malware is more proof-of-concept than actual threat, in that it’s available via GitHub, and for now could be contained by blocking the API key. Even so, Hyppönen says it should…

Russian Ransomware Projects Rebranded to Avoid Western Sanctions: Report


Blockchain intelligence company TRM Labs revealed that some major Russian-linked ransomware syndicates rebranded their activities in 2022 to avoid sanctions from Western countries.

According to a new report published recently, the rebranding and other significant activities showed notable changes in the cybercrime space and darknet markets (DNMs) after Russia invaded Ukraine.

Ransomware Operators Rebranded to Evade Sanctions

In the wake of Russia’s invasion of Ukraine, several Western law enforcement agencies imposed tighter sanctions on Russian ransomware platforms.

Similarly, sanctions imposed by the U.S. Office of Foreign Assets Control (OFAC) on the popular darknet platform Hydra took a toll on ransomware projects as they struggled to gain market dominance while avoiding law enforcement agencies.

To strengthen their anonymity through alterations in on-chain behavior, two major ransomware syndicates, LockBit and Conti, restructured their activities.

Through TRM’s on-chain analysis, open source reporting, and proprietary information, the intelligence firm discovered that Conti ceased its original operation and restructured into three smaller groups named Black Basta, BlackByte, and Karakurt. Before the split, Karakurt was a side project run by Conti operators.

LockBit, on the other hand, has rebranded its operations since the invasion of Ukraine last February. Four months later, the syndicate launched LockBit 3.0, which it presented as apolitical and focused on monetary gain.

“LockBit’s claim that it had no intention to purposely attack Western countries may have been motivated by the possibility of Western sanctions against Russian entities. Moreover, LockBit stated that it had prohibited attacks against entities related to critical infrastructure, probably to minimize the risk of law enforcement attention and potential sanctions,” TRM said.

Western Sanctions Had Little Impact on DNMs

TRM’s analysis also found significant growth in the use of Russian-speaking darknet markets. Because of the sanctions imposed on DNMs, criminals moved to Russian-linked platforms to evade Western law enforcement.

Collectively, Russian-speaking…

Netskope: How to Avoid Malware Hackers Hitting Cloud Apps


New research by Netskope, a secure access service edge (SASE) specialist, found that more than 400 unique cloud applications delivered malware in 2022, nearly triple the number of the prior year.

Where’s the Malware Originating From?

The Santa Clara, California-based company’s data also showed that some 30% of all cloud malware downloads in 2022 originated from Microsoft OneDrive. Netskope’s Cloud & Threat Report for 2022 also found that more than 25% of users worldwide uploaded documents daily to Microsoft OneDrive, while 7% did so for Google Gmail and 5% for Microsoft SharePoint.

The drastic increase in active cloud users across a record number of cloud applications led to an increase in cloud malware downloads in 2022 from 2021, Netskope’s researchers said.

As Ray Canzanese, Netskope threat research director, explained:

“Attackers are increasingly abusing business-critical cloud apps to deliver malware by bypassing inadequate security controls. That is why it is imperative that more organizations inspect all HTTP and HTTPS traffic, including traffic for popular cloud apps, both company and personal instances, for malicious content.”

The Study, by the Numbers

In 2022, several geographic regions saw significant increases in the overall percentage of cloud vs. web-delivered malware compared to 2021, including:

  • Australia (50% in 2022 compared to 40% in 2021)
  • Europe (42% in 2022 compared to 31% in 2021)
  • Africa (42% in 2022 compared to 35% in 2021)
  • Asia (45% in 2022 compared to 39% in 2021)

In certain industries, cloud-delivered malware also became more prevalent worldwide:

  • Telecom (81% in 2022 compared to 59% in 2021)
  • Manufacturing (36% in 2022 compared to 17% in 2021)
  • Retail (57% in 2022 compared to 47% in 2021)
  • Healthcare (54% in 2022 compared to 39% in 2021)

Regarding Cyber Preparedness

Remote and hybrid work dynamics continue to pose multiple cybersecurity challenges, including how to securely provide users access to the company resources they need to do their jobs and how to scalably and securely provide users access to the internet.

Netskope recommends organizations take the following actions to avoid increased risk of…

Avoid falling prey to employment scams – Rexburg Standard Journal


