Between March 3 and March 9, at least 2,000 people a day downloaded the malicious "Quick access to ChatGPT" Chrome extension from the Google Play app store.

A threat actor may have compromised thousands of Facebook accounts — including business accounts — via a sophisticated fake Chrome ChatGPT browser extension which, until earlier this week, was available on Google's official Chrome Store.

According to an analysis this week from Guardio, the malicious "Quick access to Chat GPT" extension promised users a quick way to interact with the hugely popular AI chatbot. In reality, it also surreptitiously harvested a wide range of information from the browser, stole cookies of all authorized active sessions, and installed a backdoor that gave the malware author super-admin permissions to the user's Facebook account.

The Quick access to ChatGPT browser extension is just one example of the many ways in which threat actors have been trying to leverage the enormous public interest in ChatGPT to distribute malware and infiltrate systems. One example is an adversary who set up a fake ChatGPT landing page, where users tricked into "signing up" only ended up downloading a Trojan called Fobo. Others have reported a sharp increase in ChatGPT themed phishing emails in recent months, and the growing use of fake ChatGPT apps to spread Windows and Android malware.

**Targeting Facebook Business Accounts for a "Bot Army" **

Guardio's analysis showed that the malicious browser extension actually delivered on the quick access it promised to ChatGPT, simply by connecting to the chatbot's API. But, in addition, the extension also harvested a complete list of all cookies stored in the user's browser, including security and session tokens to Google, Twitter, and YouTube, and to any other active services.

In cases where the user might have had an active, authenticated session on Facebook, the extension accessed Meta's Graph API for developers. The API access gave the extension the ability to harvest all data associated with the user's Facebook account, and more troublingly, take a variety of actions on the user's behalf.

More ominously, a component in the extension code allowed hijacking of the user's Facebook account by essentially registering a rogue app on the user's account and getting Facebook to approve it.

"An application under Facebook's ecosystem is usually a SaaS service that was approved to be using its special API," Guardio explained. Thus, by registering an app in the user's account the threat actor gained full admin mode on the victim's Facebook account without having to harvest passwords or trying to bypass Facebook's two-factor authentication, the security vendor wrote.

If the extension encountered a Business Facebook account, it quickly harvested all information pertaining to that account, including currently active promotions, credit balance, currency, minimum billing threshold, and whether the account might have a credit facility associated with it. "Later, the extension examines all the harvested data, preps it, and sends it back to the C2 server using the following API calls — each according to relevancy and data type."

**A Financially Motivated Cybercriminal**

Guardio assessed that the threat actor will probably sell the information it harvested from the campaign to the highest bidder. The company also foresees the potential for the attacker to create a bot army of hijacked Facebook Business accounts, which it could use to post malicious ads using money from the victims' accounts.

Guardio described the malware as having mechanisms for bypassing Facebook's security measures when handling access requests to its APIs. For instance, before Facebook grants access via its Meta Graph API, it first confirms that the request is from an authenticated user and also from trusted origin, Guardio said. To circumvent the precaution, the threat actor included code in the malicious browser extension that ensured that all requests to the Facebook website from a victim's browser had their headers modified so they appeared to originate from there as well. 

**"**This gives the extension the ability to freely browse any Facebook page (including making API calls and actions) using your infected browser and without any trace," Guardio researchers wrote in the report on the threat.

ChatGPT Browser Extension Hijacks Facebook Business Accounts

A novel take on investment scams mixes romance and the lure of crypto riches to con targets out of "the whole hog" of their assets.

Pig butchering is a repulsively named, rising investment scam that uses a potent mix of the promise of romance and the lure of making easy cryptocurrency millions against its unsuspecting targets.

Through a careful process of "fattening up" victims with small returns on cryptocurrency deals and personal interactions, often with a romance element, all of which is meant to convince them to invest wildly. If successful, as they often are, threat actors are able to make off with the "whole hog" of their targets' assets.

Investment fraud as a category, of which pig butchering is a subset, cost victims about $3 billion in 2022, making it the top cybercrime loss leader, overtaking business email compromise (BEC) and even ransomware, according to a new analysis from Cofense of the latest FBI Internet Crime Report (IC3).

Within that, Cofense researcher Ronnie Tokazowski says that Cofense observed a 127% rise in pig butchering cases in 2022, though the latest IC3 doesn't specifically break out the threat. 

"FBI has mentioned pig butchering as a scam in several public alerts, news outlets have reported a massive increase, and seeing this missing is very surprising," Tokazowski says, noting that one alert was issued in New Mexico to warn residents about the rise of pig butchering scams during last December's holiday season.

"I have spoken with IC3 in the past, and this \[oversight\] may be a result of how metrics and data are collected," Tokazowski explains about his findings. "What I mean by that is if a victim initially \[calls something\] 'crypto investment' even though there may be a romance scam angle to it, this would ultimately be put in the 'crypto investment' bucket. Unfortunately, this single-bucket approach doesn’t tell the whole story, where victims are simultaneously part of different cybercrimes."

**Pandemic Loneliness Fueled Rise of Pig Butchering**

Pig butchering started in Asia, where it got its name, but the pandemic created an opportunity for threat groups to expand their operations into the US, Tokazowski explains.

"Based on reports from insiders tracking the scam, actors retooled their approaches to start targeting those in the west," he says. "Due to the increased isolation of the pandemic, this left people alone and vulnerable at home, anxiously awaiting any love connection. Scammers capitalized on this and is why we saw such a steep rise."

Experts who spoke to Dark Reading about the rising investment scam pointed out that it's essentially a riff on the classic Ponzi scheme.

"The abhorrently titled scam is essentially a rebrand of a Ponzi/pyramid scam," says Andrew Barratt, vice president of Coalfire. "Often executed using crypto, where more and more is taken until the mark/victim essentially thinks they’re onto a sure thing and puts more and more of their assets into an apparently growing 'investment,' before the calls go cold and the money is gone."

The rise of pig butchering is yet another example of how cybercriminals are leaning into social engineering to pull off their scams, Mike Britton, Abnormal Security's CISO says, but it demonstrates a shift to more time investment for a bigger payoff.

"Threat actors have seen huge payouts in their shift from high volume/low yield 'spray and pray' campaigns, to targeted and low volume — but massively high yield — social engineering attacks," Britton explains. "And with these incentives, they won’t be slowing down anytime soon."

Pig Butchering & Investment Scams: The $3B Cybercrime Threat Overtaking BEC

BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity.

BlackLotus, the first in-the-wild malware to bypass Microsoft's Secure Boot (even on fully patched systems), will spawn copycats and, available in an easy-to-use bootkit on the Dark Web, inspire firmware attackers to increase their activity, security experts said this week.

That means that companies need to increase efforts to validate the integrity of their servers, laptops, and workstations, starting now.

On March 1, cybersecurity firm ESET published an analysis of the BlackLotus bootkit, which bypasses a fundamental Windows security feature known as Unified Extensible Firmware Interface (UEFI) Secure Boot. Microsoft introduced Secure Boot more than a decade ago, and it's now considered one of the foundations of its Zero Trust framework for Windows because of the difficulty in subverting it.

Yet threat actors and security researchers have targeted Secure Boot implementations more and more, and for good reason: Because UEFI is the lowest level of firmware on a system (responsible for the booting-up process), finding a vulnerability in the interface code allows an attacker to execute malware before the operating system kernel, security apps, and any other software can swing into action. This ensures the implantation of persistent malware that normal security agents will not detect. It also offers the ability to execute in kernel mode, to control and subvert every other program on the machine — even after OS reinstalls and hard drive replacements — and load additional malware at the kernel level.

There have been some previous vulnerabilities in boot technology, such as the BootHole flaw disclosed in 2020 that affected the Linux bootloader GRUB2, and a firmware flaw in five Acer laptop models that could be used to disable Secure Boot. The US Department of Homeland Security and Department of Commerce even recently warned about the persistent threat posed by firmware rootkits and bootkits in a draft report on supply chain security issues. But BlackLotus ups the stakes on firmware issues significantly.

That's because while Microsoft patched the flaw that BlackLotus targets (a vulnerability known as Baton Drop or CVE-2022-21894), the patch only makes exploitation more difficult — not impossible. And the impact of the vulnerability will hard to measure, because affected users will likely not see signs of compromise, according to a warning from Eclypsium published this week.

"If an attacker does manage to get a foothold, companies could be running blind, because a successful attack means that an attacker is getting around all of your traditional security defenses," says Paul Asadoorian, principal security evangelist at Eclypsium. "They can turn off logging, and essentially lie to every kind of defensive countermeasure you might have on the system to tell you that everything is okay."

Now that BlackLotus has been commercialized, it paves the way for the development of similar wares, researchers note. "We expect to see more threat groups incorporating secure boot bypasses into their arsenal in the future," says Martin Smolár, malware researcher at ESET. "Every threat actor's ultimate goal is persistence on the system, and with UEFI persistence, they can operate much stealthier than with any other kind of OS-level persistence."

    

BlackLotus quickly followed after the publishing of the original exploit code. Source: ESET

**Patching Is Not Enough**

Even though Microsoft patched Baton Drop more than a year ago, the certificate of the vulnerable version remains valid, according to Eclypsium. Attackers with access to a compromised system can install a vulnerable bootloader and then exploit the vulnerability, gaining persistence and a more privileged level of control.

Microsoft maintains a list of cryptographic hashes of legitimate Secure Boot bootloaders. To prevent the vulnerable boot loader from working, the company would have to revoke the hash, but that would also prevent legitimate — although unpatched — systems from working.

"To fix this you have to revoke the hashes of that software to tell Secure Boot and Microsoft's own internal process that that software is no longer valid in the boot process," Asadoorian says. "They would have to issue the revocation, update the revocation list, but they're not doing that, because it would break a lot of things."

The best that companies can do is update their firmware and revocation lists on a regular basis, and monitor endpoints for indications that an attacker has made modifications, Eclypsium said in its advisory.

ESET's Smolár, who led the earlier investigation into BlackLotus, said in a March 1 statement to expect exploitation to ramp up.

"The low number of BlackLotus samples we have been able to obtain, both from public sources and our telemetry, leads us to believe that not many threat actors have started using it yet," he said. "We are concerned that things will change rapidly should this bootkit get into the hands of crimeware groups, based on the bootkit's easy deployment and crimeware groups' capabilities for spreading malware using their botnets."

BlackLotus Secure Boot Bypass Malware Set to Ramp Up

Hackers are increasingly tantalized by the troves of sensitive data held by lightly protected law firms and legal services organizations.

A rash of 10 cyberattacks hitting six different law firms materialized throughout January and February, attempting to infect law firm employees with info-stealing malware. The campaigns are emblematic of the rapidly growing attack landscape in the legal profession, driven by the treasure trove of data that firms possess: personal details about clients, information about criminal defense proceedings, very specific contractual information, financial account data, and so much more.

For law firms, the risk is twofold: The cost of remediation and maintaining operational status in the face of a cyberattack and potential legal consequences if the data they hold is exposed.

According to eSentire's Threat Response Unit (TRU), the most recent spate of attacks came from two separate, ongoing threat campaigns. In the first campaign, attackers attempted to infect law firm employees using SEO poisoning to lure victims to compromised WordPress websites. The sites were seeded with malicious links to phony contract or agreement templates that ran GootLoader malware. The second campaign utilized watering-hole attacks against victims, by poisoning a notary public's website with SocGholish malware, in the hopes of ensnaring lawyers and other related legal professionals.

"Law firms and legal services organizations have exceptional access to non-public and confidential data across all facets of the public and private sectors," says Larry Gagnon, senior vice president of security services and incident response for eSentire. "They, therefore, face significant cyber threats from adversaries' intent on financial cybercrime that want to steal and sell sensitive data associated with those clients and their activities."

And indeed, an analysis in January published by The American Lawyer on Law.com shows that cyberattacks in the legal sector have escalated significantly in the past few years. In looking at national data sets posted by four state governments required to publicly disclose the data, between 2014 and 2019, fewer than 20,000 Americans had their personally identifiable information (PII) compromised by law firm breaches. But between 2020 through 2022, that number shot up exponentially to 779,000. While only a limited data set, the growth statistic provides an excellent proof point to the fact that attackers are drawn to law firms like moths to light.

**Why Legal Firms Are So Attractive to Hackers**

It isn't just the sensitivity of the data that legal firms handle but also the scope and detail of data that can be dug up by attackers who successfully breach a single firm — especially if it's a large one. One attack can be a one-stop shop for monetizing the data and access stolen from not just one organization, but a whole portfolio of them.

"Law firms connect with and support many clients at any given time. Compromising one law firm gives bad actors access to numerous client networks without having to directly reach each one of them," says Michael Tal, technical director for Votiro, a cloud file security firm that works extensively with the legal industry. "Files are the primary form of communication and weaponizing them gives bad actors a sure way to get the clients to open and infect the clients."

For example, he noted one potential attack that his team uncovered where a hacker managed to breach the email inbox of a law firm and was using that access to send out malicious password-protected zipped files to insurance companies.

The other attractive element for hackers is that law firms and legal services companies tend to be very soft targets.

"Most law firms don’t have dedicated cybersecurity programs or personnel. As a result, their cybersecurity posture has likely failed to keep up with their requirements as a business," says eSentire's Gagnon, who notes that the legal IT environment also tends to be challenging to harden because it is typically comprised of a mix of legacy technology and more modern cloud-based solutions that sometimes don't play nicely together without advanced support. "When attackers successfully breach a legal organization, they tend to progress beyond the initial foothold to the intrusion phase more quickly."

This is likely also attributed to the fact that fewer than half of law firms have some kind of cyber incident response plan in place. According to the American Bar Association's (ABA) annual tech report published last November, only 42% of firms have a plan in place.

A cyberattack is a nightmare scenario for law firms that are at risk of not only having their reputations torn to tatters but also of breaking very strict compliance mandates and confidentiality laws. But the good news is that many law firms are at least building awareness about cybersecurity risks among their business and attorney stakeholders. 

The ABA report shows that the number of respondents reporting at least some cybersecurity governing policies in place for technology usage has grown from 77% two years ago up to 89% in 2022. 

It may take a while for investments to catch up with awareness, says Fran Haasch, founding attorney of Fran Haasch Law Group.

"Some law firms may view cybersecurity as an unnecessary expense or may not prioritize it over other business concerns," she says. "However, with the increasing prevalence of cyber threats and the potential legal and financial repercussions of a cyberattack, law firms should take cybersecurity seriously and invest in appropriate measures to protect their clients and themselves."

Legal Industry Faces Double Jeopardy as a Favorite Cybercrime Target

A video-enabled smart intercom made by Chinese company Akuvox has major security vulnerabilities that allow audio and video spying, and the company has so far been unresponsive to the discoveries.

A popular smart intercom and videophone from Chinese company Akuvox, the E11, is riddled with more than a dozen vulnerabilities, including a critical bug that allows unauthenticated remote code execution (RCE).

These could allow malicious actors to access an organization's network, steal photos or video captured by the device, control the camera and microphone, or even lock or unlock doors.

The vulnerabilities were discovered and highlighted by security firm Claroty's Team82, which became aware of the device's weaknesses when they moved into an office where the E11 had already been installed.

Members of Team82's curiosity about the device turned into a full-blown investigation as they uncovered 13 vulnerabilities, which they divided into three categories based on the attack vector used.

The first two types can occur either through RCE within the local area network or remote activation of the E11's camera and microphone, allowing the attacker to collect and exfiltrate multimedia recordings. The third attack vector targets access to an external, insecure file transfer protocol (FTP) server, allowing the actor to download stored images and data.

**A Critical RCE Bug in the Akuvox 311**

As far as bugs that stand out the most, one critical threat — CVE-2023-0354, with a CVSS score of 9.1 — allows the E11 Web server to be accessed without any user authentication, potentially giving an attacker easy access to sensitive information.

"The Akuvox E11 Web server can be accessed without any user authentication, and this could allow an attacker to access sensitive information, as well as create and download packet captures with known default URLs," according to the Cybersecurity and Infrastructure Security Agency (CISA), which published an advisory about the bugs, including a vulnerability overview.

Another vulnerability of note (CVE-2023-0348, with a CVSS score of 7.5) concerns the SmartPlus mobile app that iOS and Android users can download to interact with the E11.

The core issue lies in the app's implementation of the open source Session Initiation Protocol (SIP) to enable communication between two or more participants over IP networks. The SIP server does not verify the authorization of SmartPlus users to connect to a particular E11, meaning any individual with the app installed can connect to any E11 connected to the Web — including those located behind a firewall.

"We tested this using the intercom at our lab and another one at the office entrance," according to the Claroty report. "Each intercom is associated with different accounts and different parties. We were, in fact, able to activate the camera and microphone by making a SIP call from the lab's account to the intercom at the door."

**Akuvox Security Vulnerabilities Remain Unpatched**

Team82 outlined their attempts to bring the vulnerabilities to the Akuvox's attention, beginning in January 2022, but after several outreach attempts, Claroty's account with the vendor was blocked. Team82 subsequently published a technical blog detailing the zero-day vulnerabilities and involved the CERT Coordination Center (CERT/CC) and CISA.

Organizations using the E11 are advised to disconnect it from the Internet until the vulnerabilities are fixed, or to otherwise ensure the camera is not capable of recording sensitive information.

Within the local area network, "organizations are advised to segment and isolate the Akuvox device from the rest of the enterprise network," according to the Claroty report. "Not only should the device reside on its own network segment, but communication to this segment should be limited to a minimal list of endpoints."

**Bugs in Cameras & IoT Devices Abound**

A world of increasingly connected devices has created a vast attack surface for sophisticated adversaries.

The number of industrial internet of things (IoT) connections alone — a measure of the number of total IoT devices deployed — is expected to more than double to 36.8 billion in 2025, up from 17.7 billion in 2020, according to Juniper Research.

And while the National Institute of Standards and Technology (NIST) has settled on a standard for encrypting IoT communications, many devices remain vulnerable and unpatched.

Akuvox is the latest in a long line of these found to be severely lacking when it comes to device security. For instance, a critical RCE vulnerability in Hikvision IP video cameras was disclosed last year.

And last November, a vulnerability in a series of popular digital door-entry systems offered by Aiphone allowed hackers to breach the entry systems — simply by utilizing a mobile device and a near-field communication (NFC) tag.

Unpatched Zero-Day Bugs in Smart Intercom Allow Remote Eavesdropping

CISOs' ability to pivot tight budgets is key to defense plans that can stand up to attackers.

The tsunami of cyberattacks in recent years has wreaked havoc among businesses' infrastructures and drowned many defense strategies across all industries. Adding additional stress is the fact that cyberattacks are often linked to global events. For instance, hackers have exploited the vulnerabilities within increasingly complex remote work infrastructures ignited by the pandemic, presenting new challenges for security leaders. The reality is, nowadays hackers aren't breaking in — they're logging in via human-based attacks.

With today's uncertain economy and high inflation rates, this year's budget forecast calls for dry conditions across the security landscape. This year's budgets already have been approved, but key priorities may shift throughout the year — making understanding when and how to pivot tight budgets a critical aspect of ensuring the security of CISOs' infrastructures.

One strategy CISOs are following is to implement similar principles as attackers who are exploiting economic, social, and technical disruptions within society.

**Priorities to Consider When Shifting Budgets**

With the changing nature of the economy and workforce structures, there are many different factors to consider when executing a properly informed budget shift. So, from one CISO to another, here are five key priorities for security leaders to consider when preparing for potential budget shifts this year and beyond:

1.  **Geopolitical influences of cybersecurity:** Hackers have evolved their attacks to exploit geopolitical disruptions. These impacts, including the war in Ukraine, have refined the use of popular attack styles to increase the success of attackers' ransomware efforts.For instance, Russian hackers such as the Conti ransomware group have thwarted US and international war efforts to support Ukraine through the targeting and injection of ransomware into organizations operating within critical infrastructures. Recently, the common methods leveraged to infect businesses with ransomware across the globe include password spraying, spear-phishing, and credential stuffing. Due to these increasingly sophisticated attacks, CISOs must integrate technological defense strategies capable of thwarting attacks that are constantly evolving.
2.  **Uncertain economy:** Desperate times call for desperate measures, and traditionally, uncertain economic periods mean an increase in cyberattacks. Attackers are leveraging advanced technologies to engage in high-risk, identity-related fraud tactics to steal employee credential information and extort businesses. In fact, since 2021, there has been more than a 60% rise in corporate email compromises, leading to additional enterprise losses totaling over $40 billion.
    
    As current economic standings reel in uncertainty, CISOs must prepare to alter their budgets toward ongoing risk management, with special emphasis on tools that will help mitigate human error. From compliance to risk assessments, strategies need to revolve around minimizing high-risk identity attacks.
    
3.  **Evolving regulations:** As we know, cybersecurity is ever-evolving. This means that new regulations are continuously created — and others that are already in effect, such as GDPR and CCPA, are becoming stricter. The current challenges involved with adhering to dynamic — and often overlapping, industry-focused, regional, and cross-countries requirements — can cause quite the headache for security leaders. So, how can CISOs continuously comply in an expanding security landscape?The appropriate investment in comprehensive defense measures, such as zero-trust access, will ensure the security of enterprises' data, helping them remain compliant and adherent to the variety of crossover regulation.  
    
4.  **Training:** In the cybersecurity industry, CISOs and security leaders can't afford for their enterprises to be impacted by the current talent gap. A lack of skilled personnel can result in potentially devastating vulnerabilities within their infrastructure.Security leaders must properly prepare for spending reprioritizations as the skills gap widens. This ensures that their team has the necessary knowledge to engage in effective in-house modern reskilling and upskilling approaches. One key budget shift could be toward the implementation of assistive, advanced cloud-based services, such as high-risk identity management solutions, which can also be integrated to strengthen the organization's digital infrastructure.
    
5.  **Modern strategies:** Currently, 80% of breaches rely on employee access credentials. To maximize their defenses, CISOs must confirm their current strategies are proficient enough to combat the constant influx of human-focused attack styles, including Kerberoasting and pass-the-hash attacks. If infrastructures are unstable and priorities need to shift, CISOs can turn to common tools, including zero-trust access and high-risk identity-based control solutions — which can combat growing offense efforts.As identity-focused attacks rise, businesses will need security tools programmed to trust no one, not even their own vendors. This will increase compliance measures and enable the protection and sole ownership of internal, external, third-party, customer, and stakeholder's user data. It will also allow for stronger authentication, the monitorization of internal and external user operations, and the halting of lateral movement within businesses' infrastructures.
    
    As cyber threats evolve, businesses will need to keep pace and allocate for improved security systems that provide seamless control within their budgets.
    

**Evolution Is Key**

Hackers will continue to alter their methods of attack and exploit the vulnerabilities within current global geopolitical events. To stop them, security leaders will need to make sure their current budgets can pivot and are adaptable enough to deploy modern defense strategies and technologies, and capable of handling priority shifts as the year progresses.

This includes leaders taking the current economic, social, and technological factors into consideration while developing their defense plan. Doing so will help them make more informed decisions around the optimal use of their cybersecurity budgets for the next year and beyond.

Make Sure Your Cybersecurity Budget Stays Flexible

If the proposed rule is approved, organizations would need to disclose all data breaches, even one that does not cause any harm, to affected customers.

A proposed rule change at the Federal Communications Commission would expand the definition of a data breach for communications carriers. If approved by the agency, the rule would cover any incident that affects the confidentiality of customer information, even if no harm to customers results.

"This \[rule\] means \[communications\] carriers would be required to report any unauthorized access or disclosure of customer information, even if the breach was unintentional or not malicious," says Venkat Gupta, data estate modernization portfolio leader at Sogeti, part of the Capgemini group. "Everyone should care because data breaches can occur in many different ways, and even unintentional breaches can have profound consequences."

The FCC said the rule change aligns with recent developments in federal and state data breach laws covering other industry sectors.

"The law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements," said FCC Chairwoman Jessica Rosenworcel in a prepared statement. "This new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches."

**Reporting to the FCC and Consumers**

Under the current rule, Gupta says, telecommunications carriers must notify federal law enforcement — the US Secret Service and the FBI — within seven business days of all breaches that involve customer proprietary network information (CPNI), and the carriers may inform affected consumers of such breaches seven days after they notify those agencies.

The proposed rule update requires carriers to notify the FCC contemporaneously with the law enforcement agencies as soon as practicable after discovery of a breach, and it would eliminate the current seven-day waiting period between notifying law enforcement and notifying the consumer.

Part of the incentive of updating the regulation, noted Ali Jessani, a senior associate at the law firm Wilmer Cutler Pickering Hale and Dorr LLP (WilmerHale), is that if the FCC is going to make the definition of a breach broader, companies will reassess their cybersecurity policies and procedures to prevent the breaches in the first place.

When a data breach occurs, such as an individual attack on a cell phone account, the attackers could monetize that attack in a matter of hours or minutes. Such an attack "is exactly why the notification rule exists — to give the consumer the ability to limit potential damage to their personal information being compromised," Jessani says. He cautions, however, that while the carrier might report such breaches to the authorities right away, if law enforcement asks the carrier to not alert the customer at the same time in order to preserve evidence for the investigation, the updated rule still protects the company.

Gupta agrees, noting the delay allows carriers to assess the scope and impact of the breach, including the number of customers affected and the type of information that was compromised. "This information is important for determining the appropriate response to the breach and for assessing the potential harm to customers. The waiting period also enables carriers to take any necessary steps to mitigate the effects of the breach and prevent further damage," he says.

Having carriers notify the FCC, Secret Service, and FBI at the same time will minimize burdens on carriers, eliminate confusion regarding obligations, and streamline the reporting process, allowing carriers to free up resources that can be used to address the breach and prevent further harm, Gupta says.

**A Push to Improve Processes**

The proposed rule change could have a direct impact on the carriers' operations as they are forced to change their processes and procedures. "Carriers will need to implement new procedures for identifying and reporting breaches that affect the confidentiality of customer information. This may include changes to the carrier's incident response plan, which outlines the steps to be taken in the event of a data breach," Gupta notes.

Carriers might also need to invest in new technology or security measures to prevent breaches and detect unauthorized access to customer information. For example, some carriers might need to implement multifactor authentication, encryption, and other controls to protect sensitive customer data.

"Overall," Gupta says, "the proposed rule change will require carriers to take a more proactive approach to data security and breach reporting. This may result in additional costs and resources for carriers, but it is ultimately designed to better protect customer privacy and prevent future breaches in the telecommunications industry."

Public comments on the FCC data breach reporting requirements are due by March 24.

Proposed FCC Rule Redefines Data Breaches for Communications Carriers

New premium service provides all-in-one personal protection beyond device security to include identity restoration and unlimited 24/7 tech support.

**TEMPE, Ariz.** **and** **PRAGUE****,** **March 9, 2023** **/PRNewswire/ --** Avast, a leading digital security and privacy brand of Gen™ (NASDAQ: GEN), today launched Avast One Platinum, the new premium tier of the award-winning Cyber Safety service, Avast One. The new Platinum offering combines the full feature set from Avast One Family with identity monitoring and protection, identity theft resolution and reimbursement\*, and premium technical support, to give people more control and reassurance over their digital lives.

"The new Avast One Platinum tier is a step-change improvement to the award-winning Avast One integrated solution," said Leena Elias, Chief Product Officer at Gen. "Platinum represents the best and most comprehensive Avast offer to date. It combines device protection, privacy, performance, and utilities capabilities and now adds identity theft protection and tech support. With greater protection from new and evolving threats and 24/7 premium technical support for IT issues around the home, every member of the family can have the confidence to embrace the digital world to the fullest."

Avast One Platinum provides a comprehensive protection and restoration service which includes the following key features:

*   **Premium Tech Support**: provides personalized help and remote support for any Avast product as well as all IT issues with phones, laptops, or printers with a dedicated hotline to Avast's tech experts 24/7.
*   **Dark Web Monitoring and Alerts:** monitors for personal and financial data, such as banking information, driver's licenses, IDs, passports, and social security numbers, and notifies if information is found.
*   **Identity Theft Reimbursement:** provides coverage of up to $2 million in reimbursement\* in the event of identity theft, including recovering certain lost wages, stolen funds, and certain out-of-pocket expenses.
*   **Social Media Monitoring:** monitors for bullying and violent, profane, or scam-related posts that indicate account compromise.
*   **3 Bureau Credit Report Monitoring:** monitors credit files from three leading credit bureaus, TransUnion, Equifax, and Experian, and notifies about key changes such as new account openings, credit inquiries, exceeding credit limits, and missed payments.
*   **Lost Wallet Protection:** provides the ability to quickly cancel and replace credit, debit, and ATM cards if a wallet is lost or stolen which helps avoid incurring fraudulent charges and time spent ordering replacement cards.
*   **Restoration Support:** provides access to certified protection experts for troubleshooting and resolving identity theft issues, with assistance also available to initiate a credit freeze or dispute fraudulent credit report activity.

Following its debut in 2021, Avast One has introduced major updates on iOS, Android, Mac, and Windows platforms for both free and paid versions. These updates include Scam Protection, which identifies malicious communications, a cloud-based Email Guardian which blocks malicious links and attachments wherever an email account is accessed, Network Inspector, a home network protection tool, and Online Safety Score, all of which are included in Avast One Platinum.

Avast One Platinum is available now in the US and compatible with iOS, Android, Mac, and Windows platforms, protecting up to six family members and a total of 30 devices. Subscriptions are available for $249.99 per year. To learn more, visit https://www.avast.com/en-us/avast-one.

**About Avast:**

Avast is a leader in digital security and privacy, and a brand of Gen™ (NASDAQ: GEN), a global company dedicated to powering Digital Freedom through a family of trusted consumer brands. Avast protects hundreds of millions of users from online threats with a threat detection network that is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Avast is a member of the Coalition Against Stalkerware, No More Ransom and Internet Watch Foundation. Visit: www.avast.com.

Avast Introduces Avast One Platinum

Study underscores the clear and pressing need for real-time physical and cyber threat alerts for effective enterprise risk management and business resilience.

**NEW YORK****,** **March 9, 2023** **/PRNewswire/ --** Dataminr, one of the world's leading AI companies, today released a commissioned study conducted by Forrester Consulting to evaluate the state of enterprise risk management (ERM) at midsize to large enterprises across industries in the North America, Europe, and APAC regions.

Forrester surveyed 500 risk leaders to inform the commissioned study titled _Constant Disruption Is The New Status Quo_, and found that organizations encounter significant organizational, strategic, and technological barriers on their way to implementing an effective ERM strategy. The study also found that nearly 70% of respondents said their organizations experienced at least two separate critical risk events in the past year, while over 40% experienced at least three, and nearly 20% suffered six or more incidents.

"Following the unprecedented events of the past three years, this research illustrates that now, more than ever, it is crucial for businesses to have a system in place to discover and manage major physical and cyber risk events," said Jason Edelboim, President and COO of Dataminr. "These findings have been incredibly valuable to help demonstrate the utility of Dataminr's real-time alerts—ultimately giving clients an earlier line of sight into high-impact events and emerging risks that could impact their organizations."

The survey found that 70% of respondents believed that optimized, real-time alerting would have helped them significantly or totally reduced the harm of the most serious or disruptive events their organization faced last year. At this time, 56% of respondents indicated they don't have real-time alerting solutions in place today, but 62% plan to implement or expand their use of such tools, and 54% plan to increase investment over the next 12 months.

In the research, Forrester Consulting identified four key findings:

*   **Many risk leaders are taking too narrow a view of the systemic risks their organizations face**. Business risk will become more, not less, complicated to manage in the future, and fewer than a third of risk leaders completely agree that risks to their business can come from anywhere.
*   **Risk strategies have significantly advanced over the past few years, but still have a long way to go.** Just 36% of respondents have a C-suite champion leading risk management today.
*   **Cybersecurity and real-time alerting capabilities will be a major area of focus going forward.** Respondents were most likely to cite cyber risk tools and real-time alerting capabilities as the most critical features their next risk management platform must include.
*   **Successful ERM implementations are driven by aligned leadership, vision and technology.** Organizations with highly effective ERM strategies were 27% more likely to have a C-suite leader for ERM, compared to those from lower-maturity organizations. C-suite champions are empowered to work across organizational silos and to coordinate with other business leaders within the organization.

In addition to the above key takeaways, the survey also found that only 18% of respondents reported that their current ERM strategies are effective or very effective across all five capabilities surveyed, including identifying, evaluating, monitoring, responding to, and communicating about risk.

Forrester completed the study in Q3 2022. Participants were decision makers in physical security and security operations, cyber/information security, business continuity, human resources and employee experience, corporate communications, and supply chain roles. Questions focused on how organizations navigate risk strategies, technologies and workflows.

To learn more about the study, _Constant Disruption is The New Status Quo,_ commissioned by Dataminr, visit here.

**ABOUT DATAMINR**

Dataminr delivers the earliest warnings on high impact events and critical information far in advance of other sources. Recognized as one of the world's leading AI businesses, Dataminr enables faster response, more effective risk mitigation and stronger crisis management for public and private sector organizations spanning global corporations, first responders, NGOs, and newsrooms. Most recently valued at $4.1B, Dataminr is one of New York's top private technology companies, with 800+ employees across seven global offices.

Since its founding, Dataminr has created the world's leading real-time information discovery platform, which detects digital patterns of emerging events and critical information from public data signals. Today, Dataminr's advanced AI platform performs trillions of daily computations across billions of public data inputs from over 500,000 unique public data sources. The Company has been recognized for its groundbreaking AI platform and rapid revenue growth by Forbes AI 50 and Deloitte Fast 500, and has been named to Forbes Cloud 100 for six consecutive years.

Alongside Dataminr's corporate product, Dataminr Pulse, the Company provides its First Alert product for first response to public sector organizations, including the United Nations, which relies on First Alert in over 100 countries. Dataminr for News is used by more than 650 newsrooms and over 30,000 journalists worldwide.

Forrester Study Reveals Businesses Are Insufficiently Prepared to Manage Enterprise Risks

**CHICAGO****,** **March 9, 2023** **/PRNewswire/ --** March is an exciting time for diehard and casual college basketball fans alike, but anyone planning to have fun around the tournament should stay vigilant to protect their personal and financial information from cyberthreats. The tournament is an opportune time for cybercriminals to send out phishing scams, steal sensitive information, and scam you out of money. To help fans avoid becoming victims of cybercrime, Keeper Security is providing the following cybersecurity tips.

**#1 Be on the lookout for phishing scams.** Cybercriminals use phishing scams to steal your personal information. During the tournament, cybercriminals may send phishing emails or text messages with malicious links or attachments disguised as updates on games or brackets. To avoid becoming a victim of a phishing attack, do not open attachments or click on links from unknown sources, verify that it's a trusted source requesting the information and check all links to make sure they're not leading you to a malicious site. Scammers also use social engineering to trick people into sending them money using any information they can find about you. They may impersonate a friend or family member claiming to be in urgent need of money to buy tickets or place bets on games. Scammers may even impersonate the athletes themselves or their family members with stories about needing money to get to the game. 

**#2 Create strong, unique passwords for all of your accounts.** When creating accounts to follow the games, create a bracket or take part in the fun of the tournament any other way, it may be tempting to reuse passwords. Make sure you have different, high-strength passwords for all of your accounts. This way, if one account is breached, a cybercriminal does not gain access to all of them. Passwords should be at least 12 characters with a mix of uppercase and lowercase letters, a variety of special characters and a random assortment of numbers. Also, consider using a passphrase rather than a single word. Avoid using easily guessable information such as familiar names, birthdates and addresses. A password manager can generate and securely store strong passwords, which can be especially useful for accounts that are infrequently used. Consider implementing multi-factor authentication for your accounts as an additional layer of security. 

**#3 Be wary of free sports streams.** Cord cutters and fans trying to get around regional blackouts often turn to the internet in search of free streams to watch their favorite teams, but they may end up paying the price with their security. While there are legitimate websites and apps that will stream certain games for free, the websites that host illegal streams may also host ads for questionable content or products and malicious links that could install malware that will harm your system. 

**#4 Don't fall for fake ticket sales or fake brackets.** Fake tickets are abundant during any major sporting event, but if the deal seems too good to be true, it probably is. Only buy tickets from reputable sellers that offer a secure payment system and recourse if the tickets don't come through. The tournament is also a time when more fans are trying to win money on the games, and scammers are ready to take advantage. They may create fake bracket contests promising large prizes to the winners. Once they collect your entry fee or personal information, though, they disappear and the winners never receive their prizes. 

**#5 Be cautious when using public WiFi.** If you're going to watch the tournament at a venue offering WiFi, think twice before connecting. Public WiFi is a key battleground for cybercriminals. Thus, without proper protections, you may be vulnerable to both a cyberattack and eavesdropping. Open public WiFi should not be used to send any personal or financial information. The use of public computers should be avoided for the same reason. Use a trusted network with a strong WiFi password, a VPN when possible, and ensure your home router's software is up to date.

To avoid falling victim to sports-related scams, always be cautious of unsolicited messages or offers, double-check the authenticity of the sender or the website, and never provide personal information or payment without verifying the legitimacy of a transaction. By following these simple tips, fans will be far less likely to fall victim to cybercrime this March.

**About Keeper** 

Keeper Security is transforming how people secure their passwords and confidential information against growing online threats. Forgot your password? That'll never happen again with Keeper's easy-to-use password manager that saves you time, increases your security and streamlines your online experience. Built to the highest zero-trust and zero-knowledge standards, Keeper protects you and your family on every device. Keeper is trusted by millions of people globally with more than 230,000 5-star reviews in the app stores, and is recognized by publications including PCMag and U.S. News & World Report as the leader for password storage, secure sharing and encrypted messaging. Learn more at KeeperSecurity.com.

Source

DARKReading