Report Uncovers Massive Sale of Compromised ChatGPT Credentials
By Deeba Ahmed. Group-IB Report Warns of Evolving Cyber Threats Including AI and macOS Vulnerabilities and Ransomware Attacks. This is a post from HackRead.com.
Group-IB report unveils: compromised ChatGPT accounts sold on dark web, highlighting AI security risks, ransomware surge, macOS vulnerabilities. Take action to stay safe.
Group-IB’s Threat Intelligence has released a “Hi-Tech Crime Trends 23/24” report highlighting a dramatic surge in ransomware attacks, macOS system threats, and the growing use of AI by cyber criminals.
The report found that Asia-Pacific was the primary target for advanced persistent threat groups in 2023, with 523 attacks worldwide. APAC organizations accounted for 34% of global attacks, with Europe and the Middle East ranking second and Africa third.
A 70% rise in public ads selling zero-day exploits was recorded during 2022-2023. Threats like the CVE-2023-38831 zero-day vulnerability in ZIP file format remained popular among advanced cybercrime groups and nation-state actors for cyber-espionage activities.
The report also warned of a growing interest in AI systems, particularly ChatGPT credentials, for reaching sensitive corporate data as public Large Language Models (LLMs) often do not protect accounts with multi-factor authentication.
Access to these AI systems can expose confidential information, including internal source code, financial data, and trade secrets, as well as the communication history logs between employees and the systems.
Over 225,000 infostealer logs containing compromised ChatGPT credentials were detected between January and October 2023. Four ChatGPT-style tools have been developed since mid-2023 to facilitate such activities: WolfGPT, DarkBARD, FraudGPT, and WormGPT. FraudGPT and WormGPT are popular for social engineering and phishing, while WolfGPT focuses on code or exploits.
Researchers detected around 130,000 compromised hosts with ChatGPT access between June and October 2023, marking a 36% increase from the previous year. The LummaC2 information stealer accounted for most of the logs.
Researchers also detected 4,583 companies whose information, files, and data were published on ransomware dedicated leak sites (DLSs), marking a 74% growth from the previous year, with North American companies being the biggest victims.
Global threat actors, primarily APT groups, are targeting Apple platforms more, with underground sales of macOS information stealers increasing fivefold. Most concerning cyber risks for 2024 include zero-day exploits and malicious service use.
Cybersecurity firms have long been raising the alarm over the continuous expansion of the global cyber threat spectrum. In June 2023, Group-IB researchers discovered over 100,000 infected devices with stolen ChatGPT credentials, with 26,802 compromised accounts recorded in May 2023. The Asia-Pacific region had the highest concentration of compromised credentials. ChatGPT’s default settings store user queries and AI responses, exposing confidential information.
In January 2024, Kaspersky Digital Footprint Intelligence reported that threat actors were exploiting AI technologies for illegal activities, sharing jailbreaks and abusing legitimate tools, particularly ChatGPT and other LLMs, for malicious purposes including malware development and illicit language model use.
The latest report highlights a significant rise in ransomware attacks targeting manufacturing, real estate, healthcare, government, and military sectors, the growing sophistication of cybercriminals targeting macOS systems, and the potential misuse of AI by cybercriminals to automate tasks, personalize attacks, and bypass security measures.
Businesses should invest in robust security solutions like firewalls, endpoint protection software, and intrusion detection systems, along with offering employee training on cyber threats to stay protected.
Related news
Who needs advanced malware when you can take advantage of a bunch of OSS tools and free cloud services to compromise your target?
The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine," cybersecurity firm Deep Instinct said in a Thursday analysis. UAC-0099 was first
The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely tracked under the monikers APT28,
A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43). "This campaign relies on a remote access trojan
By Deeba Ahmed. All a user needs to do is visit the official WinRAR website and install the latest version to thwart the attack. This is a post from HackRead.com. Read the original post: APTs Exploiting WinRAR 0day Flaw Despite Patch Availability
State-sponsored cyber espionage actors from Russia and China continue to target WinRAR users with various info-stealing and backdoor malware, as a patching lag plagues the software's footprint.
Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as
A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with VenomRAT malware. "The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain. “Visiting the link will download a ZIP archive containing three JPG images (
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch malicious scripts contained within an archive that masquerades as seemingly innocuous image or text files.