Attackers exploit the credibility of the ChatGPT model by registering malicious domains that carry the ChatGPT name, tricking users into trusting fraudulent websites.
By leveraging a model's reputation, it is possible to trick individuals into the following:
- Leaking confidential information
- Downloading malicious content
ESET's H2 2023 report highlights an atypical ransomware case: the "MOVEit hack" by the Russian ransomware group Cl0p. Cl0p is also known under the following names:
- Lace Tempest
- FIN11
- TA505
- Evil Corp
The group is well known for large-scale intrusions. This campaign leveraged the MOVEit zero-day vulnerability (CVE-2023-34362), starting on May 27th.
The flaw had existed since 2021 and allowed unauthorized access; its exploitation marks Cl0p's evolution beyond traditional ransomware operations. Separately, ESET researchers recently found more than 650,000 registered malicious domains with ChatGPT-like names.
Massive ransomware attack
In this attack, the Russian ransomware group Cl0p targeted global companies and U.S. government agencies. A notable change is that the group now leaks stolen data onto the open web if the ransom is not paid, a tactic also common with the ALPHV ransomware gang.
The FBI notes that ransomware is evolving with a variety of attack patterns, including:
- Deployment of multiple ransomware variants
- Data theft and use of wipers after encryption
In IoT, cybersecurity researchers discovered the kill switch used to disable the Mozi botnet.
The sudden collapse of Mozi, the largest IoT botnet of the last three years, has raised questions about whether the kill switch was triggered by its developers or by Chinese authorities.
In addition, a new threat, Android/Pandora, compromises the following types of Android devices and uses them for DDoS attacks:
- Smart TVs
- TV boxes
- Mobile devices
Cybersecurity researchers identified a campaign targeting ChatGPT users, with repeated attempts to access suspicious domains such as:
Separately, the threats include insecure handling of OpenAI API keys, highlighting the need to keep such keys confidential.
Cybersecurity analysts have observed a significant increase in Android spyware such as 'SpinOk'. The second half of 2023 also saw a spike in the three-year-old JS/Agent threat and in persistent Magecart attacks on unpatched websites.
These attacks can be prevented if developers and administrators strengthen their security measures.
Cryptocurrency theft is on the rise with Lumma Stealer, a malware-as-a-service information stealer targeting cryptocurrency wallets. However, the rise in Bitcoin's value and the growing threat to cryptocurrencies have not moved in step.
All these developments in the threat landscape highlight the wide variety of tactics in use.