Cybercriminals are using advanced techniques to target executives with mobile-specific phishing attacks.

****KEY SUMMARY POINTS****

*   **Targeted Attacks:** Sophisticated spear phishing campaigns are increasingly targeting corporate executives via mobile devices, using social engineering tactics.

*   **Exploitation of Trust:** Attackers mimic legitimate services like DocuSign and Google, leveraging urgency and credibility to deceive victims.

*   **Advanced Techniques:** Campaigns use CAPTCHAs, mobile-specific fake login pages, and compromised domains to bypass detection mechanisms.

*   **Infrastructure Abuse:** Attackers utilize platforms like Cloudflare for SSL encryption and DDoS protection, complicating detection efforts.

*   **Proactive Defense:** Regular employee training, advanced mobile device management (MDM) solutions, and automated incident response platforms are critical to mitigating these threats.

Mobile devices have become a prime target for sophisticated phishing attacks, particularly those aimed at corporate executives. These targeted attacks, known as spear phishing, leverage social engineering tactics to steal valuable credentials and gain access to sensitive information.

The Phishing and Data Analytics Team at Zimperium uncovered a recent spear phishing campaign targeting executives. The attack involves using a mimicked legitimate DocuSign document requiring immediate review, a common tactic that exploits urgency and authority.

Spear phishing is a popular attack vector against corporate executives, compromising high-value credentials that grant access to sensitive data and systems. The attack begins with a seemingly innocent link disguised as a DocuSign document. The link used a legitimate domain (clickmethryvcom) to mask its origin, and once clicked initiates a series of redirects. First, it redirects to a compromised university website, leveraging its credibility to bypass detection. 

Screenshot of the DocuSign phishing email and the university’s landing page (Via Zimperium)

Researchers noted that attackers have used CAPTCHAs to prevent automated detection and implemented mobile-specific targeting. Moreover, if the link is accessed via a mobile device, the attack presents a fake Google sign-in page to steal credentials whereas desktops are redirected to legitimate Google sites. Another observation is that the phishing site (diitalwaveru) and its SSL certificate were created just days before the attack, highlighting the attackers’ focus on rapid deployment.

Further probing as per Zimperium’s blog post, revealed that the attackers had utilized Cloudflare’s infrastructure for DDoS protection, SSL encryption, and fast content delivery, making it harder to detect. And, in addition to email-based attacks, the campaign also used PDF documents containing embedded phishing URLs. These PDFs mimicked legitimate DocuSign workflows, bypassing traditional URL scanning and exploiting trust in business documents.

The incident highlights the evolving nature of mobile phishing attacks, with attackers investing heavily in infrastructure to bypass security controls, targeting mobile devices often overlooked in security strategies, and exploiting compromised domains for credibility. 

Therefore, it has become essential to conduct regular security awareness training programs to educate employees about the latest phishing tactics and best practices for identifying and avoiding such attacks. Organizations must also deploy advanced Mobile Device Management (MDM) solutions to enforce security policies, such as password complexity, screen lock timeouts, and remote wipe capabilities.

Mika Aalto, Co-Founder and CEO at Hoxhunt weighed in on the situation emphasizing the importance of proactive training for employees and management to identify and report phishing attacks, as technical tools alone may not catch all threats.

_“_The most important thing that companies can do is to shift left and equip senior management and employees with the skills and tools to recognize and safely report a mobile phishing (mishing) attack. We can hope that technical filters and endpoint detection and response technologies quickly develop to be able to pick up these highly obfuscated, native code-based Malware attacks and pinpoint irregular signals and traffic,_“_ said Mika.

_“_Ultimately, it comes down to people. Attackers will launch a complex attack with what might just be a simple phishing message. It’s up to people to be able to listen to that little voice in their head that is telling them that something is wrong and report suspicious messages as a matter of habit. From there, you want to have a platform that will automatically categorize and escalate their reports to the SOC for accelerated response,_“_ he explained.

1.  99% of UAE’s .ae Domains Exposed to Phishing and Spoofing
2.  Scammers Exploit Fake Domains in Dubai Police Phishing Scams
3.  Ongoing Phishing Attack Targets Employees Across 12 Industries
4.  Rockstar 2FA Phishing-as-a-Service Kit Hits Microsoft 365 Accounts
5.  Xiū gǒu Phishing Kit Hits UK, US, Japan, Australia Across Key Sectors

New Mobile Phishing Targets Executives with Fake DocuSign Links

A free VPN app called Big Mama is selling access to people’s home internet networks. Kids are using it to cheat in a VR game while researchers warn of bigger security risks.

In the hit virtual reality game _Gorilla Tag_, you swing your arms to pull your primate character around—clambering through virtual worlds, climbing up trees and, above all, trying to avoid an infectious mob of other gamers. If you’re caught, you join the horde. However, some kids playing the game claim to have found a way to cheat and easily “tag” opponents.

Over the past year, teenagers have produced video tutorials showing how to side-load a virtual private network (VPN) onto Meta’s virtual reality headsets and use the location-changing technology to get ahead in the game. Using a VPN, according to the tutorials, introduces a delay that makes it easier to sneak up and tag other players.

While the workaround is likely to be an annoying but relatively harmless bit of in-game cheating, there’s a catch. The free VPN app that the video tutorials point to, Big Mama VPN, is also selling access to its users’ home internet connections—with buyers essentially piggybacking on the VR headset’s IP address to hide their own online activity.

This technique of rerouting traffic, which is best known as a residential proxy and more commonly happens through phones, has become increasingly popular with cybercriminals who use proxy networks to conduct cyberattacks and use botnets. While the Big Mama VPN works as it is supposed to, the company’s associated proxy services have been heavily touted on cybercrime forums and publicly linked to at least one cyberattack.

Researchers at cybersecurity company Trend Micro first spotted Meta’s VR headsets appearing in its threat intelligence residential proxy data earlier this year, before tracking down that teenagers were using Big Mama to play _Gorilla Tag_. An unpublished analysis that Trend Micro shared with WIRED says its data shows that the VR headsets were the third most popular devices using the Big Mama VPN app, after devices from Samsung and Xiaomi.

“If you’ve downloaded it, there’s a very high likelihood that your device is for sale in the marketplace for Big Mama,” says Stephen Hilt, a senior threat researcher at Trend Micro. Hilt says that while Big Mama VPN may be being used because it is free, doesn’t require users to create an account, and apparently doesn’t have any data limits, security researchers have long warned that using free VPNs can open people up to privacy and security risks.

These risks may be amplified when that app is linked to a residential proxy. Proxies can “allow people with malicious intent to use your internet connection to potentially use it for their attacks, meaning that your device and your home IP address may be involved in a cyberattack against a corporation or a nation state,” Hilt says.

"Gorilla Tag is a place to have fun with your friends and be playful and creative—anything that disturbs that is not cool with us,” a spokesperson for Gorilla Tag creator Another Axiom says, adding they use “anti-cheat mechanisms” to detect suspicious behavior. Meta did not respond to a request for comment about VPNs being side-loaded onto its headsets.

**Proxies Rising**

Big Mama is made up of two parts: There’s the free VPN app, which is available on the Google Play store for Android devices and has been downloaded more than 1 million times. Then there’s the Big Mama Proxy Network, which allows people (among other options) to buy shared access to “real” 4G and home Wi-Fi IP addresses for as little as 40 cents for 24 hours.

Vincent Hinderer, a cyber threat intelligence team manager who has researched the wider residential proxy market at Orange Cyberdefense, says there are various scenarios where residential proxies are used, both for people who are having traffic routed through their devices and also those buying and selling proxy services. “It’s sometimes a gray zone legally and ethically,” Hinderer says.

For proxy networks, Hinderer says, one end of the spectrum is where networks could be used as a way for companies to scrape pricing details from their competitors' websites. Other uses can include ad verification or people scalping sneakers during sales. They may be considered ethically murky but not necessarily illegal.

At the other end of the scale, according to Orange’s research, residential proxy networks have broadly been used for cyber espionage by Russian hackers, in social engineering efforts, as part of DDoS attacks, phishing, botnets, and more. “We have cybercriminals using them knowingly,” Hinderer says of residential proxy networks generally, with Orange Cyberdefense having frequently seen proxy traffic in logs linked to cyberattacks it has investigated. Orange’s research did not specifically look at uses of Big Mama's services.

Some people can consent to having their devices used in proxy networks and be paid for their connections, Hinderer says, while others may be included because they agreed to it in a service’s terms and conditions—something research has long shown people don’t often read or understand.

Big Mama doesn’t make it a secret that people who use its VPN will have other traffic routed through their networks. Within the app it says it “may transport other customer’s traffic through” the device that’s connected to the VPN, while it is also mentioned in the terms of use and on a FAQ page about how the app is free.

The Big Mama Network page advertises its proxies as being available to be used for ad verification, buying online tickets, price comparison, web scraping, SEO, and a host of other use cases. When a user signs up, they’re shown a list of locations proxy devices are located in, their internet service provider, and how much each connection costs.

This marketplace, at the time of writing, lists 21,000 IP addresses for sale in the United Arab Emirates, 4,000 in the US, and tens to hundreds of other IP addresses in a host of other countries. Payments can only be made in cryptocurrency. Its terms of service say the network is only provided for “legal purposes,” and people using it for fraud or other illicit activities will be banned.

Despite this, cybercriminals appear to have taken a keen interest in the service. Trend Micro’s analysis claims Big Mama has been regularly promoted on underground forums where cybercriminals discuss buying tools for malicious purposes. The posts started in 2020. Similarly, Israeli security firm Kela has found more than 1,000 posts relating to the Big Mama proxy network across 40 different forums and Telegram channels.

Kela’s analysis, shared with WIRED, shows accounts called “bigmama\_network” and “bigmama” posted across at least 10 forums, including cybercrime forums such as WWHClub, Exploit, and Carder. The ads list prices, free trials, and the Telegram and other contact details of Big Mama.

It is unclear who made these posts, and Big Mama tells WIRED that it does not advertise.

Posts from these accounts also said, among other things, that “anonymous” bitcoin payments are available. The majority of the posts, Kela’s analysis says, were made by the accounts around 2020 and 2021. Although, an account called “bigmama\_network” has been posting on the clearweb Blackhat World SEO forum until October this year, where it has claimed its Telegram account has been deleted multiple times.

In other posts during the last year, according to the Kela analysis, cybercrime forum users have recommended Big Mama or shared tips about the configurations people should use. In April this year, security company Cisco Talos said it had seen traffic from the Big Mama Proxy, alongside other proxies, being used by attackers trying to brute force their way into a variety of company systems.

**Mixed Messages**

Big Mama has few details about its ownership or leadership on its website. The company’s terms of service say that a business called BigMama SRL is registered in Romania, although a previous version of its website from 2022, and at least one live page now, lists a legal address for BigMama LLC in Wyoming. The US-based business was dissolved in April and is now listed as inactive, according to the Wyoming Secretary of State’s website.

A person using the name Alex A responded to an email from WIRED about how Big Mama operates. In the email, they say that information about free users’ connections being sold to third parties through the Big Mama Network is “duplicated on the app market and in the application itself several times,” and people have to accept the terms of conditions to use the VPN. They say the Big Mama VPN is officially only available from the Google Play Store.

“We do not advertise and have never advertised our services on the forums you have mentioned,” the email says. They say they were not aware of the April findings from Talos about its network being used as part of a cyberattack. “We do block spam, DDOS, SSH as well as local network etc. We log user activity to cooperate with law enforcement agencies,” the email says.

The Alex A persona asked WIRED to send it more details about the adverts on cybercrime forums, details about the Talos findings, and information about teenagers using Big Mama on Oculus devices, saying they would be “happy” to answer further questions. However, they did not respond to any further emails with additional details about the research findings and questions about their security measures, whether they believe someone was impersonating Big Mama to post on cybercrime forums, the identity of Alex A, or who runs the company.

During its analysis, Trend Micro’s Hilt says that the company also found a security vulnerability within the Big Mama VPN, which could have allowed a proxy user to access someone’s local network if exploited. The company says it reported the flaw to Big Mama, which fixed it within a week, a detail Alex A confirmed.

Ultimately, Hilt says, there are potential risks whenever anyone downloads and uses a free VPN. “All free VPNs come with a trade-off of privacy or security concerns,” he says. That applies to people side-loading them onto their VR headsets. “If you’re downloading applications from the internet that aren't from the official stores, there’s always the inherent risk that it isn’t what you think it is. And that comes true even with Oculus devices.”

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

The National Defense Authorization Act passed today, but lawmakers stripped language that would keep the Trump administration from wielding unprecedented authority to surveil Americans.

The US Senate passed the National Defense Authorization Act (NDAA) on Wednesday after congressional leaders earlier this month stripped the bill of provisions designed to safeguard against excessive government surveillance. The “must-pass” legislation now heads to President Joe Biden for his expected signature.

The Senate’s 85–14 vote cements a major expansion of a controversial US surveillance program, Section 702 of the Foreign Intelligence Surveillance Act (FISA). Biden’s signature will ensure that the Trump administration opens with the newfound power to force a vast range of companies to help US spies wiretap calls between Americans and foreigners abroad.

Despite concerns about unprecedented spy powers falling into the hands of controversial figures such as Kash Patel, who has vowed to investigate Donald Trump’s political enemies if confirmed to lead the FBI, Democrats in the end made little effort to rein in the program.

The Senate Intelligence Committee first approved changes to the 702 program this summer with an amendment aimed at clarifying newly added language that experts had cast as dangerously vague. The vague text was introduced into the law by Congress in April, with Democrats in the Senate promising to correct the issue later this year. Ultimately, those efforts proved to be in vain.

Legal experts began issuing warnings last winter over Congress’s efforts to expand FISA to cover a vast range of new businesses not originally subject to Section 702’s wiretap directives. While reauthorizing the program in April, Congress changed the definition of what the government considers an “electronic communications service provider,” a term applied to companies that can be compelled to install wiretaps on the government’s behalf.

Traditionally, “electronic communications service providers” refers to phone and email providers, such as AT&T and Google. But as a result of Congress redefining the term, the new limits of the government’s wiretap powers are unclear.

It is widely assumed that the changes were intended to help the National Security Agency (NSA) target communications stored on servers at US data centers. Due to the classified nature of the 702 program, however, the updated text purposefully avoids specifying which types of new businesses will be subject to government demands.

Marc Zwillinger, one of the few private attorneys to testify before the nation’s secret surveillance court, wrote in April that the changes to the 702 statute mean that “any US business could have its communications \[wiretapped\] by a landlord with access to office wiring, or the data centers where their computers reside,” thus expanding the 702 program “into a variety of new contexts where there is a particularly high likelihood that the communications of US citizens and other persons in the US will be ‘inadvertently’ acquired by the government.”

Despite such warnings, Senate Democrats rushed to reauthorize the 702 program in April with the nebulous language attached. In a floor speech urging his colleagues to temporarily disregard the concerns, Mark Warner, chair of the Senate Intelligence Committee, vowed to amend the law again before the end of year. As of Wednesday it was clear he could no longer keep that pledge.

Text approved in June by Warner’s committee aimed to clarify the scope of the 702 program but was excised from the text of the NDAA earlier this month, reportedly at the urging of Ohio Republican Mike Turner, chair of the House Intelligence Committee, among others. WIRED reported in March that Turner had defended the 702 program during a closed briefing on Capitol Hill, using images of anti-war protesters at US universities to suggest that the spy powers were needed to ferret out potential ties between American students and Hamas. (No such ties have been reported.)

Wiretap orders issued under the 702 program permit the government to secretly eavesdrop on the calls and messages of foreigners, who generally lack any right to privacy under US law. The wiretaps, however, also routinely capture Americans in private conversation, despite constitutional limits that typically forbid such surveillance without a judge’s consent.

Notably, wiretap orders executed under Section 702 are never reviewed by a federal judge. Calls, texts, and emails collected under the program may be stored by the government for up to five years and will be accessed in some cases by the FBI. The bureau maintains its own Section 702 database, which is regularly used to develop leads in cases unrelated to why the wiretaps were originally collected.

An aide to Warner tells WIRED that the senator acknowledges that the changes to Section 702 this year are “overly broad,” adding that he’s aware the language must be “further narrowed.” Warner remains committed to fixing the law, said the aide, “whether it’s in this Congress or the next.”

The botched effort to check the government’s surveillance powers comes as the US national security establishment braces for what’s likely to be one of its most significant shakeups in decades. FBI director Chris Wray announced plans last week to voluntarily step down at the conclusion of Biden’s term, potentially clearing the way for a Republican-controlled Congress to fast-track Patel’s confirmation.

Patel has falsely accused Biden of rigging the 2020 presidential election and has vowed to bring cases “criminally or civilly” against members of the press. Trump has likewise pledged to investigate major news outlets that he has vaguely accused of “threatening treason.” Last week, Senate Republicans kneecapped an attempt by Democratic lawmakers to pass bipartisan legislation that would have shielded US journalists from government spying—likely a reaction to Trump issuing an command on Truth Social to “kill” the bill.

Privacy advocates on both sides of the aisle made failed attempts over the past year to limit the FBI’s access to Americans’ communications without a warrant. The calls for reform followed revelations that the 702 program had been inadvertently abused by FBI employees to conduct searches for the private messages of former and current federal officials, political commentators, and journalists. Other searches unlawfully performed at the FBI targeted a US senator, a state senator, and a state court judge.

According to the Privacy and Civil Liberties Oversight Board, US intelligence analysts have also abused the program to investigate potential sexual partners and potential tenants.

While the 702 program purportedly exists to exclusively further the government’s counterintelligence goals, surveillance experts say its scope likely extends far beyond terrorism and cyber threats, encompassing activities described as falling under the broad scope of US “foreign affairs.” Foreign journalists, government officials, and citizens of friendly nations never accused of a crime are just as likely to be deemed legitimate targets as foreign criminals and members of known terrorist organizations.

A separate amendment excised by congressional leaders from the NDAA, known as as the “Fourth Amendment Is Not For Sale Act,” was passed by the House of Representatives in April. Introduced initially as a standalone bill, the amendment would have banned the federal government from purchasing Americans’ location data without a warrant.

As WIRED has previously reported, US intelligence agencies have acknowledged purchasing large quantities of commercial data on US citizens, including information for which police normally require a warrant.

In a declassified report published last year, the Office of the Director of National Intelligence confirmed that the ocean of personal data being bought up by the government was highly sensitive, and that, in the wrong hands, it could be used to “facilitate blackmail” and other serious crimes.

Congress Again Fails to Limit Scope of Spy Powers in New Defense Bill

Attackers are using links to the popular Google scheduling app to lead users to pages that steal credentials, with the ultimate goal of committing financial fraud.

Source: Anatolii Babii via Alamy Stock Photo

Attackers are spoofing Google Calendar invites in a fast-spreading phishing campaign that can bypass email protections and aims to steal credentials, ultimately to defraud users for financial gain.

The campaign, discovered by researchers at Check Point Software, relies on modified "sender" headings to make emails appear as if they were sent via Google Calendar on behalf of a legitimate entity, such as a trusted brand or individual, they revealed in a blog post published Dec. 17.

Initially, messages included malicious Google Calendar .ics files that would lead to a phishing attack, the threat hunters wrote. However, "after observing that security products could flag malicious Calendar invites," attackers began aligning those files with links to Google Drawings and Google Forms to better disguise their activity.

**Mass-Scale Financial Scamming Is the Goal**

Given that Google Calendar is used by more than 500 million people and is available in 41 different languages, the campaign provides a massive attack surface, so "it is no wonder it has become a target for cybercriminals" seeking to compromise online accounts for financial gain, the team noted.

"After an individual unwittingly discloses sensitive data, the details are then applied to financial scams, where cybercriminals may engage in credit card fraud, unauthorized transactions or similar, illicit activities," the researchers wrote in the post. Stolen data also can be used to bypass security measures on other victim accounts to lead to further compromise, they added.

Related:Interpol: Can We Drop the Term 'Pig Butchering'?

Attackers also are moving fast with the campaign, with researchers observing more than 4,000 emails associated it in a four-week period. In those messages, attackers used references to about 300 brands in their fake invites to make them appear authentic, they wrote.

**What a Google Calendar Phish Looks Like**

A message associated with the campaign looks like a typical invite from Google Calendar in which someone known to or trusted by the individual targeted shares a calendar invite with them. The appearances of the messages vary, with some that really look almost identical to typical Google Calendar notifications, "while others use a custom format," the team wrote.

As noted previously, the emails include a calendar link or file (.ics) that includes a link to Google Forms or Google Drawings in an attempt to bypass email-scanning tools. Once a user takes the bait, they are then asked to click on another link, "which is often disguised as a fake reCAPTCHA or support button," that forwards them to a page "that looks like a cryptocurrency mining landing page or bitcoin support page," according to the post.

Related:Wallarm Releases API Honeypot Report Highlighting API Attack Trends

"These pages are actually intended to perpetrate financial scams," the team wrote. "Once users reach said page, they are asked to complete a fake authentication process, enter personal information, and eventually provide payment details."

**How to Avoid Becoming a "Google" Phishing Cyber Victim**

Check Point contacted Google about the campaign, which recommended that Google Calendar users enable the "known senders" setting in the app to help defend against this type of phishing. This setting will alert a user when they receive an invitation from someone not in their contact list or someone with whom they have not interacted with from their email address in the past, the company said.

Corporate defenders can used advanced email security solutions that can identify and block phishing attacks that manipulate trusted platforms with the inclusion of attachment scanning, URL reputation checks, and AI-driven anomaly detection, the Check Point team wrote.

Organizations also should monitor the use of third-party Google Apps and use cybersecurity tools that can specifically detect and warn its security teams about suspicious activity on third-party apps.

Related:Texas Tech Fumbles Medical Data in Massive Breach

Finally, two often-cited pieces advice for organizations when recommending phishing defense — the use of multifactor authentication (MFA) across business accounts and employee training on sophisticated phishing tactics — also can work in cases like this to shore up security.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign

PRESS RELEASE

SAN FRANCISCO--(BUSINESS WIRE)--Wallarm, the leader in real-time blocking of API attacks, on Dec. 17 unveiled a comprehensive security research report based on data collected from the world's first globally distributed API honeypot network. The findings reveal critical insights into the growing threat landscape for APIs, showcasing their increasing vulnerability to rapid discovery and exploitation.

APIs have surpassed web applications as the primary targets of attackers, underscoring the urgency for businesses to implement robust API security measures. Organizations are plagued by uncontrolled API sprawl and lack of API governance, leading to significant breaches from exposed APIs. Wallarm’s study highlights several alarming trends that demand immediate attention from organizations deploying APIs.

Key Findings from the Report:

*   APIs Are the Prime Target: APIs now attract more attacks than traditional web applications.
    
*   Rapid Discovery: Newly deployed APIs are discovered by attackers in as little as 29 seconds.
    
*   Immediate Exploitation: Unprotected APIs are exploited within one minute of discovery.
    
*   High Velocity Data Theft: Attackers using batched API requests can exfiltrate millions of user records in seconds.
    
*   Targeting Well-Known Products: Recognizable and widely used API products face heightened targeting by attackers.
    

Related:Interpol: Can We Drop the Term 'Pig Butchering'?

Wallarm’s globally distributed honeypot, spanning 14 locations, captures data from diverse geographies and providers, revealing critical trends. The honeypot provides targeted responses to API requests across multiple protocols, including REST, XML-RPC, GraphQL, and others. Over half (54%) of observed request types were API-specific, demonstrating that APIs are the preferred vector for attackers. Among these, 40% of requests targeted known vulnerabilities (CVEs). While port 80 emerged as the most commonly discovered entry point, interactions were distributed across many ports, demonstrating that protecting only common ports is insufficient.

“This report sheds light on a rapidly evolving attack surface and represents a groundbreaking effort in API security research,” said Ivan Novikov, CEO and founder at Wallarm. “APIs are the foundation of modern applications, but their widespread deployment and inadequate protection make them an attractive target for attackers. We hope this research helps organizations invest in strong protection for their APIs.”

Wallarm’s full report offers actionable insights and recommendations to safeguard APIs. To access the full research report and learn more about securing your APIs, visit http://www.wallarm.com/resources/api-honeypot-report.

Related:Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign

Wallarm Releases API Honeypot Report Highlighting API Attack Trends

Pallet liquidation is an attractive playing field for online scammers. Will you receive goods or get your credit card details stolen?

Pallet liquidation scams target people looking to purchase pallets of supposedly discounted merchandise, often from major retailers like Amazon.

Groups that engage in pallet liquidation sales are rampant on social media and it’s hard to discern the scammers from the legitimate ones (to be honest, I’ve always thought they were all scams, until someone told me there are legitimate ones), let alone the grey area in between.

The scams are based on the fact that many products are returned and can not be sold again for various reasons. But companies also offer overstock and out-of-season apparel for sale. Most of these companies have the first buyers sign non-disclosure agreements (NDAs) so when you scroll through different legitimate liquidation websites and marketplaces the origin of the pallet is almost never stated.

Depending on the reason of sale and the origin, the pallets may include a large quantity of one product or a mix of products, such as overstock or discontinued items, customer returns, or refurbished goods.

Given that the pallet liquidation market is a billion-dollar industry, it inevitably attracts scammers seeking to grab a piece of the action without putting in the work or risk.

In social media groups that specialize in pallet liquidation, you’ll find advertisements that promise valuable merchandise at significantly discounted prices, such as electronics, tools, or other high-demand items.

Facebook pallet liquidation ad

You’ll also see sponsored ads on social media about pallet sales (note: these are almost always fake).

The risk of not receiving what you have paid for is an obvious one, but some of these scammers will go the extra mile and set up fake websites where they will try and harvest payment details.

**How to steer clear of pallet liquidation scams**

If you’re really looking to try your luck at this, there are a few tips that can help you get your money’s worth.

The first thing to keep in mind is the higher up you are in the chain, the better your chances of making a profit are. It usually also means buying large quantities (I’m talking about truckloads) and larger investments. And most sellers do not have a return policy. I realize the large shipments are not for everyone, so here are some things to remember:

**Red flags:**

Unbelievable prices. The people you’re buying from are not stupid. If they are offering goods for unbelievable prices, don’t take their word for it.

Payment methods. Sellers who insist on payment methods that do not offer buyer protection are likely scammers.

Only payment options without buyer protection

Lack of manifest. Sellers that are unwilling to disclose any information about the content of a pallet shouldn’t be trusted. There is definitely a higher risk of damaged items.

Time pressure. Slogans like “Act now!” or “Only 3 left” are often used to create a false sense of urgency, hoping victims will purchase without applying the research below.

**Research the seller:**

Find **contact information** and check the validity. Legitimate liquidation sites provide clear and easily accessible contact details, including physical address, phone number, and email address. Be wary of sites that lack this information or provide vague or unreliable contact details.

Verify the **physical address** of the liquidation site through online maps or directories. A legitimate company is more likely to have a verifiable physical presence. After all, you can hardly receive these pallets in a PO box.

For a website you can use online tools to find the **domain age and registration**. Legitimate domains have a longer history so they are easier to research. New domains should be regarded as suspicious, since scammers have the habit of moving on to the next domain leaving bad reviews behind.

Check if the website is listed on the Better Business Bureau (BBB) website and **review their rating and any associated complaints**. It also allows you to check how long they’ve been in business.

Do an **online search** for the name of the company and combine it with terms like “scam” or “complaint” to help you find problems others may have run into in dealing with this company.

Don’t trust **sponsored ads.** We have heard of scammers that can afford to pay millions to advertise on Meta, Google, and other platforms and still make a handsome profit.

Use **web protection** like Malwarebytes Browser Guard. It flags malicious websites and credit card skimmers that steal your information.

**Too late?**

If you suspect that your payment card details have been stolen, these are the recommended actions:

*   Regularly check account and card statements and notify your bank about any suspicious activity.
*   Where possible, set up fraud alerts with your bank or payment card provider.
*   Change the password and enable multi-factor authentication if you haven’t already.
*   Freeze your credit so nobody can open any new accounts in your name.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Pallet liquidation scams and how to recognize them 

KEY SUMMARY POINTS Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at…

****KEY SUMMARY POINTS****

*   **New Linux Malware Campaign**: Cybersecurity researchers identified an active Linux malware campaign leveraging eBPF technology and targeting businesses and users globally.

*   **eBPF Exploitation**: Hackers are abusing eBPF’s low-level capabilities to hide activities, gather data, and bypass security measures, making detection challenging.

*   **Trojan Deployment**: Attackers use eBPF rootkits to conceal their presence and drop remote access Trojans capable of tunnelling traffic and maintaining communication within private networks.

*   **Public Platforms for Command Control**: Instead of private servers, malware configurations are stored on public platforms like GitHub and blogs, disguising malicious activity as legitimate.

*   **Rising eBPF Malware**: The use of eBPF-based malware, including families like Boopkit and BPFDoor, is increasing, with over 100 new vulnerabilities discovered in 2024 alone.

Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at businesses and users in Southeast Asia. The discovery came during an investigation into a malware attack reported by one of their clients.

The investigation began when a client approached Dr. Web with concerns about a possible compromise in their computer infrastructure. Upon analyzing the client’s data, Dr. Web identified multiple similar cases, indicating a large-scale and active campaign. Despite the initial uncertainty about how the attackers gained access, the researchers successfully tracked the initial stages of the attack.

****Exploiting eBPF Technology****

Researchers found that hackers have been abusing eBPF (extended Berkeley Packet Filter) technology in their attacks. For your information, eBPF is originally designed to provide better control over the Linux operating system’s network functions.

What’s noteworthy is the growing attention around eBPF, especially after August 2021, when tech giants like Google, Isovalent, Meta, Microsoft, and Netflix collaborated to establish the eBPF Foundation under the Linux Foundation to support the growth and adoption of eBPF technologies.

However, in the ongoing attack, eBPF’s low-level capabilities have allowed attackers to hide network activity, gather sensitive information, and bypass security measures. This has made it difficult for researchers to detect, and a lucrative opportunity for hackers particularly for advanced persistent threat (APT) groups looking to maintain long-term access to a target system.

In this specific campaign, as detailed by Dr. Web in its report published on December 10, the attackers used eBPF to load two rootkits. The first, an eBPF rootkit, hid the presence of a second rootkit, which then dropped a remote access Trojan (Trojan.Siggen28.58279 or Trojan:Win32/Siggen.GR!MTB) capable of tunnelling traffic, allowing attackers to communicate with infected devices even within private networks.

****Hiding in Plain Sight: Public Platforms as Command Centers****

The threat actors have also changed how they store their malware configurations. Instead of relying on private command-and-control servers, they are using popular, publicly accessible platforms.

The malware analyzed by Dr. Web was found retrieving settings from platforms like GitHub and even a Chinese cybersecurity blog. This tactic makes the malicious traffic appear legitimate, as it combines it with normal network activity. It also eliminates the need for the attackers to maintain separate control infrastructure, which can be more easily detected and shut down.

Screenshot shows malware hosted on GitHub and a Cybersecurity blog in Chinese language (Via Dr. Web)

Nevertheless, since 2023, the use of malicious eBPF software has been on the rise, with several malware families emerging, including Boopkit, BPFDoor, and Symbiote. The discovery of numerous vulnerabilities in eBPF technology has further worsened the situation.

This ongoing cyberattack is yet another example of how far government-backed hackers and cybercriminals are willing to go without fear of consequences. Their tactics, including exploiting advanced technologies like eBPF and using public platforms for configuration storage, make this quite clear.

1.  Telegram-Controlled TgRat Trojan Targets Linux Servers
2.  Play Ransomware Variant Targeting Linux ESXi Environments
3.  North Korean Hackers Deploy Linux Malware for ATM Cashouts
4.  Linux Malware ‘Perfctl’ Targets Millions by Mimicking System Files
5.  Godot Engine Abused to Drop Malware on Windows, macOS, Linux

Hackers Exploiting Linux eBPF to Spread Malware in Ongoing Campaign

With AI, it's not only the sky that's the limit, it's the entire universe.

This is no secret, online criminals are leveraging artificial intelligence (AI) and large language models (LLMs) in their malicious schemes. While AI tends to be abused to trick people (i.e. deepfakes) in order to gain something, sometimes, it is meant to defeat computer security programs.

With AI, this process has just become easier and we are seeing more and more cases of fake content produced for deception purposes. In the criminal underground, web pages or sites that are meant to be decoys are sometimes called “white pages,” as opposed to the “black pages” (malicious landing pages).

In this blog post, we take a look at a couple of examples where threat actors are buying Google Search ads and using AI to create white pages. The content is unique and sometimes funny if you are a real human, but unfortunately a computer analyzing the code would likely give it a green check.

**Fake-faced executives**

The first example is a phishing campaign targeting Securitas OneID. The threat actors are very cautious about avoiding detection by running ads that most of the time redirect to a completely bogus page unrelated to what one would expect, namely a phishing portal.

It did cross our minds they could very well be trolling security researchers, but if that was truly the case, why not simply go for Rick Astley’s _Never Gonna Give You Up_?

The entire site was created with AI, including the team’s faces. While in the past, criminals would go for stock photos or maybe steal a Facebook profile, now it’s easier and faster to make up your own, and it’s even copyright-free!

When Google tries to validate the ad, they will see this cloaked page with pretty unique content and there is absolutely nothing malicious with it.

**Parsec and the universe**

Our second example is another Google ad for Parsec this time, a popular remote desktop program used by gamers.

It so happens that a parsec is also an astronomical measurement unit and the threat actors (or should we say AI) went wild with it, creating a white page heavily influenced by Star Wars:

The artwork, including posters, is actually quite nice, even for a non-fan.

Once again, this cloaked content is a complete diversion which will take detection engines for a ride.

**AI vs AI: humans to the rescue**

These are just some of the many examples of AI being misused. In the early days of deepfakes, one may remember companies already training AI to detect AI.

There will naturally be content produced by AI for legitimate reasons. After all, nothing prohibits anyone from creating a website entirely with AI, simply because it’s a fun thing to do.

In the end, AI can be seen as a tool which on its own is neutral but can be placed in the wrong hands. Because it is so versatile and cheap, criminals have embraced it eagerly.

Ironically, it is quite straightforward for a real human to identify much of the cloaked content as just fake fluff. Sometimes, things just don’t add up and are simply comical. Do jokes trigger the same reaction in an AI engine as they would to a human? It doesn’t seem like it… yet.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 AI-generated malvertising &#8220;white pages&#8221; are fooling detection engines 

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click "yes" to a Google prompt on his mobile device.

Image: Shutterstock, iHaMoo.

**Adam Griffin** is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real **Google** phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Griffin is a battalion chief firefighter in the Seattle area, and on May 6 he received a call from someone claiming they were from Google support saying his account was being accessed from Germany. A Google search on the phone number calling him — **(650) 203-0000** — revealed it was an official number for Google Assistant, an AI-based service that can engage in two-way conversations.

At the same time, he received an email that came from a google.com email address, warning his Google account was compromised. The message included a “Google Support Case ID number” and information about the Google representative supposedly talking to him on the phone, stating the rep’s name as “Ashton” — the same name given by the caller.

Griffin didn’t learn this until much later, but the email he received had a real google.com address because it was sent via Google Forms, a service available to all **Google Docs** users that makes it easy to send surveys, quizzes and other communications.

A phony security alert Griffin received prior to his bitcoin heist, via Google Forms.

According to tripwire.com’s **Graham Cluely**, phishers will use Google Forms to create a security alert message, and then change the form’s settings to automatically send a copy of the completed form to any email address entered into the form. The attacker then sends an invitation to complete the form to themselves, not to their intended victim.

“So, the attacker receives the invitation to fill out the form – and when they complete it, they enter their intended victim’s email address into the form, not their own,” Cluely wrote in a December 2023 post. “The attackers are taking advantage of the fact that the emails are being sent out directly by Google Forms (from the google.com domain). It’s an established legitimate domain that helps to make the email look more legitimate and is less likely to be intercepted en route by email-filtering solutions.”

The fake Google representative was polite, patient, professional and reassuring. Ashton told Griffin he was going to receive a notification that would allow him to regain control of the account from the hackers. Sure enough, a Google prompt instantly appeared on his phone asking, “Is it you trying to recover your account?”

Adam Griffin clicked “yes,” to an account recovery notification similar to this one on May 6.

Griffin said that after receiving the pop-up prompt from Google on his phone, he felt more at ease that he really was talking to someone at Google. In reality, the thieves caused the alert to appear on his phone merely by stepping through Google’s account recovery process for Griffin’s Gmail address.

“As soon as I clicked yes, I gave them access to my Gmail, which was synched to **Google Photos**,” Griffin said.

Unfortunately for Griffin, years ago he used Google Photos to store an image of the secret seed phrase that was protecting his cryptocurrency wallet. Armed with that phrase, the phishers could drain all of his funds.

“From there they were able to transfer approximately $450,000 out of my Exodus wallet,” Griffin recalled.

Griffin said just minutes after giving away access to his Gmail account he received a call from someone claiming to be with Coinbase, who likewise told him someone in Germany was trying to take over his account.

Griffin said a follow-up investigation revealed the attackers had used his Gmail account to gain access to his Coinbase account from a VPN connection in California, providing the multi-factor code from his Google Authenticator app. Unbeknownst to him at the time, Google Authenticator by default also makes the same codes available in one’s Google account online.

But when the thieves tried to move $100,000 worth of cryptocurrency out of his account, Coinbase sent an email stating that the account had been locked, and that he would have to submit additional verification documents before he could do anything with it.

**GRAND THEFT AUTOMATED**

Just days after Griffin was robbed, a scammer impersonating Google managed to phish 45 bitcoins — approximately $4,725,000 at today’s value — from **Tony**, a 42-year-old professional from northern California. Tony agreed to speak about his harrowing experience on condition that his last name not be used.

Tony got into bitcoin back in 2013 and has been investing in it ever since. On the evening of May 15, 2024, Tony was putting his three- and one-year-old boys to bed when he received a message from Google about an account security issue, followed by a phone call from a “Daniel Alexander” at Google who said his account was compromised by hackers.

Tony said he had just signed up for Google’s **Gemini AI** (an artificial intelligence platform formerly known as “Bard”), and mistakenly believed the call was part of that service. Daniel told Tony his account was being accessed by someone in Frankfurt, Germany, and that he could evict the hacker and recover access to the account by clicking “yes” to the prompt that Google was going to send to his phone.

The Google prompt arrived seconds later. And to his everlasting regret, Tony clicked the “Yes, it’s me” button.

Then came another call, this one allegedly from security personnel at **Trezor**, a company that makes encrypted hardware devices made to store cryptocurrency seed phrases securely offline. The caller said someone had submitted a request to Trezor to close his account, and they forwarded Tony a message sent from his Gmail account that included his name, Social Security number, date of birth, address, phone number and email address.

Tony said he began to believe then that his Trezor account truly was compromised. The caller convinced him to “recover” his account by entering his cryptocurrency seed phrase at a phishing website (**verify-trezor\[.\]io**) that mimicked the official Trezor website.

“At this point I go into fight or flight mode,” Tony recalled. “I’ve got my kids crying, my wife is like what the heck is going on? My brain went haywire. I put my seed phrase into a phishing site, and that was it.”

Almost immediately, all of the funds he was planning to save for retirement and for his children’s college fund were drained from his account.

“I made mistakes due to being so busy and not thinking correctly,” Tony told KrebsOnSecurity. “I had gotten so far away from the security protocols in bitcoin as life had changed so much since having kids.”

Tony shared this text message exchange of him pleading with his tormentors after being robbed of 45 bitcoins.

Tony said the theft left him traumatized and angry for months.

“All I was thinking about was protecting my boys and it ended up costing me everything,” he said. “Needless to say I’m devastated and have had to do serious therapy to get through it.”

**MISERY LOVES COMPANY**

Tony told KrebsOnSecurity that in the weeks following the theft of his 45 bitcoins, he became so consumed with rage and shame that he was seriously contemplating suicide. Then one day, while scouring the Internet for signs that others may have been phished by Daniel, he encountered Griffin posting on Reddit about the phone number involved in his recent bitcoin theft.

Griffin said the two of them were initially suspicious of each other — exchanging cautious messages for about a week — but he decided Tony was telling the truth after contacting the FBI agent that Tony said was working his case. Comparing notes, they discovered the fake Google security alerts they received just prior to their individual bitcoin thefts referenced the same phony “Google Support Case ID” number.

Adam Griffin and Tony said they received the same Google Support Case ID number in advance of their thefts. Both were sent via Google Forms, which sends directly from the google.com domain name.

More importantly, Tony recognized the voice of “Daniel from Google” when it was featured in an interview by **Junseth**, a podcaster who covers cryptocurrency scams. The same voice that had coaxed Tony out of his considerable cryptocurrency holdings just days earlier also had tried to phish Junseth, who played along for several minutes before revealing he knew it was a scam.

Daniel told Junseth he was a teenager and worked with other scam callers who had all met years ago on the game **Minecraft**, and that he recently enjoyed a run of back-to-back Gmail account compromises that led to crypto theft paydays.

“No one gets arrested,” Daniel enthused to Junseth in the May 7 podcast, which quickly went viral on social media. “It’s almost like there’s no consequences. I have small legal side hustles, like businesses and shit that I can funnel everything through. If you were to see me in real life, I look like a regular child going to school with my backpack and shit, you’d never expect this kid is stealing all this shit.”

Daniel explained that they often use an automated bot that initiates calls to targets warning that their account is experiencing suspicious activity, and that they should press “1” to speak with a representative. This process, he explained, essentially self-selects people who are more likely to be susceptible to their social engineering schemes. \[It is possible — but not certain — that this bot Daniel referenced explains the incoming call to Griffin from Google Assistant that precipitated his bitcoin heist\].

Daniel told Junseth he and his co-conspirators had just scored a $1.2 million theft that was still pending on the bitcoin investment platform SwanBitcoin. In response, Junseth tagged SwanBitcoin in a post about his podcast on Twitter/X, and the CEO of Swan quickly replied that they caught the $1.2 million transaction that morning.

Apparently, Daniel didn’t appreciate having his voice broadcast to the world (or his $1.2 million bitcoin heist disrupted) because according to Junseth someone submitted a baseless copyright infringement claim about it to Soundcloud, which was hosting the recording.

The complaint alleged the recording included a copyrighted song, but that wasn’t true: Junseth later posted a raw version of the recording to Telegram, and it clearly had no music in the background. Nevertheless, Soundcloud removed the audio file.

“All these companies are very afraid of copyright,” Junseth explained in a May 2024 interview with the podcast whatbitcoindid.com, which features some of the highlights from his recorded call with Daniel.

“It’s interesting because copyright infringement really is an act that you’re claiming against the publisher, but for some reason these companies have taken a very hard line against it, so if you even claim there’s copyrighted material in it they just take it down and then they leave it to you to prove that you’re innocent,” Junseth said. “In Soundcloud’s instance, part of declaring your innocence is you have to give them your home address and everything else, and it says right on there, ‘this will be provided to the person making the copyright claim.'”

**AFTERMATH**

When Junseth asked how potential victims could protect themselves, Daniel explained that if the target doesn’t have their Google Authenticator synced to their Google cloud account, the scammers can’t easily pivot into the victim’s accounts at cryptocurrency exchanges, as they did with Griffin.

By default, Google Authenticator syncs all one-time codes with a Gmail user’s account, meaning if someone gains access to your Google account, they can then access all of the one-time codes handed out by your Google Authenticator app.

To change this setting, open Authenticator on your mobile device, select your profile picture, and then choose “Use without an Account” from the menu. If you disable this, it’s a good idea to keep a printed copy of one-time backup codes, and to store those in a secure place.

You may also wish to download Google Authenticator to another mobile device that you control. Otherwise, if you turn off cloud synching and lose that sole mobile device with your Google Authenticator app, it could be difficult or impossible to recover access to your account if you somehow get locked out.

Griffin told KrebsOnSecurity he had no idea it was so easy for thieves to take over his account, and to abuse so many different Google services in the process.

“I know I definitely made mistakes, but I also know Google could do a lot better job protecting people,” he said.

In response to questions from KrebsOnSecurity, Google said it can confirm that this was a narrow phishing campaign, reaching a “very small group of people.”

“We’re aware of this narrow and targeted attack, and have hardened our defenses to block recovery attempts from this actor,” the company said in a written statement, which emphasized that the real Google will never call you.

“While these types of social engineering campaigns are constantly evolving, we are continuously working to harden our systems with new tools and technical innovations, as well as sharing updated guidance with our users to stay ahead of attackers,” the statement reads.

Both Griffin and Tony say they continue to receive “account security” calls from people pretending to work for Google or one of the cryptocurrency platforms.

“It’s like you get put on some kind of list, and then those lists get recycled over and over,” Tony said.

Griffin said that for several months after his ordeal, he accepted almost every cryptocurrency scam call that came his way, playing along in the vain hope of somehow tricking the caller into revealing details about who they are in real life. But he stopped after his taunting caused one of the scammers to start threatening him personally.

“I probably shouldn’t have, but I recorded two 30-minute conversations with these guys,” Griffin said, acknowledging that maybe it wasn’t such a great idea to antagonize cybercriminals who clearly already knew everything about him. “One guy I talked to about his personal life, and then his friend called me up and said he was going to dox me and do all this other bad stuff. My FBI contact later told me not to talk to these guys anymore.”

Sound advice. So is hanging up whenever anyone calls you about a security problem with one of your accounts. Even security-conscious people tend to underestimate the complex and shifting threat from phone-based phishing scams, but they do so at their peril.

When in doubt: Hang up, look up, and call back. If your response to these types of calls involves anything other than hanging up, researching the correct phone number, and contacting the entity that claims to be calling, you may be setting yourself up for a costly and humbling learning experience.

Understand that your email credentials are more than likely the key to unlocking your entire digital identity. Be sure to use a long, unique passphrase for your email address, and never pick a passphrase that you have ever used anywhere else (not even a variation on an old password).

Finally, it’s also a good idea to take advantage of the strongest multi-factor authentication methods offered. For Gmail/Google accounts, that includes the use of passkeys or physical security keys, which are heavily phishing resistant. For Google users holding measurable sums of cryptocurrency, the most secure option is Google’s free Advanced Protection program, which includes more extensive account security features but also comes with some serious convenience trade-offs.

How to Lose a Fortune with Just One Bad Click

Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?

Source: 'Who is Danny' via Shutterstock

Artificial intelligence has come to the desktop.

Microsoft 365 Copilot, which debuted last year, is now widely available. Apple Intelligence just reached general beta availability for users of late-model Macs, iPhones, and iPads. And Google Gemini will reportedly soon be able to take actions through the Chrome browser under an in-development agent feature dubbed Project Jarvis.

The integration of large language models (LLMs) that sift through business information and provide automated scripting of actions — so-called "agentic" capabilities — holds massive promise for knowledge workers but also significant concerns for business leaders and chief information security officers (CISOs). Companies already suffer from significant issues with the oversharing of information and a failure to limit access permissions — 40% of firms delayed their rollout of Microsoft 365 Copilot by three months or more because of such security worries, according to a Gartner survey.

The broad range of capabilities offered by desktop AI systems, combined with the lack of rigorous information security at many businesses, poses a significant risk, says Jim Alkove, CEO of Oleria, an identity and access management platform for cloud services.

"It's the combinatorics here that actually should make everyone concerned," he says. "These categorical risks exist in the larger \[native language\] model-based technology, and when you combine them with the sort of runtime security risks that we've been dealing with — and information access and auditability risks — it ends up having a multiplicative effect on risk."

Related:Citizen Development Moves Too Fast for Its Own Good

Desktop AI will likely take off in 2025. Companies are already looking to rapidly adopt Microsoft 365 Copilot and other desktop AI technologies, but only 16% have pushed past initial pilot projects to roll out the technology to all workers, according to Gartner's "The State of Microsoft 365 Copilot: Survey Results." The overwhelming majority (60%) are still evaluating the technology in a pilot project, while a fifth of businesses haven't even reached that far and are still in the planning stage.

Most workers are looking forward to having a desktop AI system to assist them with daily tasks. Some 90% of respondents believe their users would fight to retain access to their AI assistant, and 89% agree that the technology has improved productivity, according to Gartner.

**Bringing Security to the AI Assistant**

Unfortunately, the technologies are black boxes in terms of their architecture and protections, and that means they lack trust. With a human personal assistant, companies can do background checks, limit their access to certain technologies, and audit their work — measures that have no analogous control with desktop AI systems at present, says Oleria's Alkove.

Related:Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn

AI assistants — whether they are on the desktop, on a mobile device, or in the cloud — will have far more access to information than they need, he says.

"If you think about how ill-equipped modern technology is to deal with the fact that my assistant should be able to do a certain set of electronic tasks on my behalf, but nothing else," Alkove says. "You can grant your assistant access to email and your calendar, but you cannot restrict your assistant from seeing certain emails and certain calendar events. They can see everything."

This ability to delegate tasks needs to become part of the security fabric of AI assistants, he says.

**Cyber-Risk: Social Engineering Both Users & AI**

Without such security design and controls, attacks will likely follow.

Earlier this year, a prompt injection attack scenario highlighted the risks to businesses. Security researcher Johann Rehberger found that an indirect prompt injection attack through email, a Word document, or a website could trick Microsoft 365 Copilot into taking on the role of a scammer, extracting personal information, and leaking it to an attacker. Rehberger initially notified Microsoft of the issue in January and provided the company with information throughout the year. It's unknown whether Microsoft has a comprehensive fix for the issue.

Related:Generative AI Security Tools Go Open Source

The ability to access the capabilities of an operating system or device will make desktop AI assistants another target for fraudsters who have been trying to get a user to take actions. Instead, they will now focus on getting an LLM to take actions, says Ben Kilger, CEO of Zenity, an AI agent security firm.

"An LLM gives them the ability to do things on your behalf without any specific consent or control," he says. "So many of these prompt injection attacks are trying to social engineer the system — trying to go around other controls that you have in your network without having to socially engineer a human."

**Visibility Into AI's Black Box**

Most companies lack visibility into and control of the security of AI technology in general. To adequately vet the technology, companies need to be able to examine what the AI system is doing, how employees are interacting with the technology, and what actions are being delegated to the AI, Kilger says.

"These are all things that the organization needs to control, not the agentic platform," he says. "You need to break it down and to actually look deeper into how those platforms actually being utilized, and how do people build and interact with those platforms."

The first step to evaluating the risk of Microsoft 365 Copilot, Google's purported Project Jarvis, Apple Intelligence, and other technologies is to gain this visibility and have the controls in place to limit an AI assistant's access on a granular level, says Oleria's Alkove.

Rather than a big bucket of data that a desktop AI system can always access, companies need to be able to control access by the eventual recipient of the data, their role, and the sensitivity of the information, he says.

"How do you grant access to portions of your information and portions of the actions that you would normally take as an individual, to that agent, and also only for a period of time?" Alkove asks. "You might only want the agent to take an action once, or you may only want them to do it for 24 hours, and so making sure that you have those kind of controls today is critical."

Microsoft, for its part, acknowledges the data-governance challenges, but argues that they are not new, just made more apparent due to AI’s arrival.

"AI is simply the latest call to action for enterprises to take proactive management of controls their unique, respective policies, industry compliance regulations, and risk tolerance should inform – such as determining which employee identities should have access to different types of files, workspaces, and other resources," a company spokesperson said in a statement.

The company pointed to its Microsoft Purview portal as a way that organizations can continuously manage identities, permission, and other controls. Using the portal, IT admins can help secure data for AI apps and proactively monitor AI use though a single management location, the company said. Google declined to comment about its forthcoming AI agent.

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Tag

#google