By Waqas
A Twitter user successfully utilized the "grandma exploit" to trick ChatGPT and acquire multiple Windows 10 codes.
This is a post from HackRead.com Read the original post: ChatGPT tricked into generating Windows 10 and Windows 11 keys

**The Twitter account of the user who managed to generate Windows activation keys on ChatGPT and Google Bard has been suspended.**

ChatGPT, the popular artificial intelligence (AI) chatbot, is at the centre of controversy as users uncover a potential security loophole. As one of the fastest-growing AI services globally, ChatGPT has gained immense popularity for its diverse functionalities. However, recent reports suggest that some users have managed to bypass certain safety measures, including the so-called “grandma” exploit.

The exploit involves leveraging ChatGPT’s capabilities to extract Windows 10 Pro keys. Astonishingly, one user successfully utilized the grandma exploit to obtain multiple Windows 10 codes, which were initially perceived as legitimate. Intrigued by this discovery, the user continued to request codes for upgrading from Windows 11 Home to Windows 11 Pro.

It all started on June 17th, 2023, when a Twitter user going by the handle of @immasiddtweets, (their Twitter account has been suspended now but here is the archived link to their now deleted tweets), claimed to have successfully generated Windows 10 Pro keys by engaging with OpenAI’s AI-powered chatbot, ChatGPT.

The user requested the chatbot to read out the keys as a way to reminisce about their deceased grandmother. Surprisingly, the chatbot responded compassionately and provided five unique Windows 10 Pro keys at no cost.

Out of curiosity, @immasiddtweets went a step further and showcased how they utilized Google Bard and ChatGPT to upgrade from Windows 11 Home to Windows 11 Pro. However, TechRadar revealed a crucial detail—the generated product keys were generic in nature.

Consequently, while it remains possible to install or upgrade Windows using these keys, users may encounter limitations and miss out on certain features available in the full Windows 11 experience.

ChatGPT and Google Bard AI generating Windows Keys for @immasiddtweets (Image: Hackread.com)

Here is a series of Tweets from users generating keys for Windows 10 and Windows 11:

*   1: “Worked on Bing too bruv, and said it so confident,” said one user while sharing a screenshot of the generated keys
*   2: ”So True,” tweeted a user with a screenshot of generated keys.
*   3: For some users, ChatGPT also generated API keys.
*   4: ”Bing fell into the trap,” said one tweet.

However, according to Windows Central, when their researchers headed to Microsoft’s Bing AI chatbot to generate Windows keys, the chatbot came up with no keys but offered words of wisdom about piracy and how such products should be bought from original sources.

Nevertheless, to ensure the integrity of their services, both ChatGPT and Google Bard have implemented robust measures to prevent users from generating unauthorized product keys. As users navigate the digital realm, it is vital to exercise caution and seek legitimate avenues for obtaining product keys, ensuring a genuine and uninterrupted Windows experience.

**RELATED ARTICLES**

1.  Europol warns of ChatGPT exploitation
2.  OpenAI ChatGPT Bug Bounty Program – Earn $200 to $20k
3.  DarkBERT: Enhancing Cybersecurity Efforts on the Dark Web
4.  100,000 Hacked ChatGPT Accounts Discovered on Dark Web
5.  ChatGPT’s False Information Generation Enables Code Malware

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

ChatGPT tricked into generating Windows 10 and Windows 11 keys

Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application.
"Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. "In this case, the distribution

Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application.

"Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. "In this case, the distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer."

Malvertising refers to the use of SEO poisoning techniques to spread malware via online advertising. It typically involves hijacking a chosen set of keywords to display bogus ads on Bing and Google search results pages with the goal of redirecting unsuspecting users to sketchy pages.

The idea is to trick users searching for applications like WinSCP into downloading malware, in this instance, a backdoor that contains a Cobalt Strike Beacon that connects to a remote server for follow-on operations, while also employing legitimate tools like AdFind to facilitate network discovery.

The access afforded by Cobalt Strike is further abused to download a number of programs to conduct reconnaissance, enumeration (PowerView), lateral movement (PsExec), bypass antivirus software (KillAV BAT), and exfiltrate customer data (PuTTY Secure Copy client). Also observed is the use of the Terminator defense evasion tool to tamper with security software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack.

In the attack chain detailed by the cybersecurity company, the threat actors managed to steal top-level administrator privileges to conduct post-exploitation activities and attempted to set up persistence using remote monitoring and management tools like AnyDesk as well as access backup servers.

"It is highly likely that the enterprise would have been substantially affected by the attack if intervention had been sought later, especially since the threat actors had already succeeded in gaining initial access to domain administrator privileges and started establishing backdoors and persistence," Trend Micro said.

The development is just the latest example of threat actors leveraging the Google Ads platform to serve malware. In November 2022, Microsoft disclosed an attack campaign that leverages the advertising service to deploy BATLOADER, which is then used to drop Royal ransomware.

It also comes as Czech cybersecurity company Avast released a free decryptor for the fledgling Akira ransomware to help victims recover their data without having to pay the operators. Akira, which first appeared in March 2023, has since expanded its target footprint to include Linux systems.

"Akira has a few similarities to the Conti v2 ransomware, which may indicate that the malware authors were at least inspired by the leaked Conti sources," Avast researchers said. The company did not disclose how it cracked the ransomware's encryption algorithm.

The Conti/TrickBot syndicate, aka Gold Ulrick or ITG23, shut down in May 2022 after suffering a series of disruptive events triggered by the onset of the Russian invasion of Ukraine. But the e-crime group continues to exist to this date, albeit as smaller entities and using shared crypters and infrastructure to distribute their warez.

IBM Security X-Force, in a recent deep dive, said the gang's crypters, which are applications designed to encrypt and obfuscate malware to evade detection by antivirus scanners and hinder analysis, are being used to also disseminate new malware strains such as Aresloader, Canyon, CargoBay, DICELOADER, Lumma C2, Matanbuchus, Minodo (formerly Domino), Pikabot, SVCReady, Vidar.

"Previously, the crypters were used predominantly with the core malware families associated with ITG23 and their close partners," security researchers Charlotte Hammond and Ole Villadsen said. "However, the fracturing of ITG23 and emergence of new factions, relationships, and methods, have affected how the crypters are used."

Despite the dynamic nature of the cybercrime ecosystem, as nefarious cyber actors come and go, and some operations partner together, shut down, or rebrand their financially motivated schemes, ransomware continues to be a constant threat.

This includes the emergence of a new ransomware-as-a-service (RaaS) group called Rhysida, which has primarily singled out education, government, manufacturing, and technology sectors across Western Europe, North and South America, and Australia.

"Rhysida is a 64-bit Portable Executable (PE) Windows cryptographic ransomware application compiled using MINGW/GCC," SentinelOne said in a technical write-up. "In each sample analyzed, the application's program name is set to Rhysida-0.1, suggesting the tool is in early stages of development."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising

XDR can lower platform costs and improve detection, but it requires committing to a few principles that go against the established way of thinking about SOC.

The cyber security operation center (SOC) model's focus has shifted to extended detection and response (XDR). Architected correctly, XDR puts less pressure and cost on the security information and event management (SIEM) system to correlate complex security alerts. It also does a better job as a single pane of glass for ticketing, alerting, and orchestrating automation and response.

XDR is a real opportunity to lower platform costs and improve detection, but it requires committing to a few principles that go against the established way of thinking about SOCs.

**Intelligent Data Pipelines and Data Lakes Are a Necessity**

_**Takeaway: A security data pipeline can remove log waste prior to storage and route logs to the most appropriate location.**_

Managing your security data pipeline intelligently can have a massive impact on controlling spending by preprocessing every log and eliminating excess waste, especially when your primary cost driver is GB per day. Consider the following example showing the before and after size of Windows Active Directory (AD) logs.

    

The average inbound event had 75 fields and a size of 3.75KB. After removing redundant and unnecessary fields, the log has 30 fields and a size of 1.18KB. That is a 68.48% reduction of SIEM storage cost.

Applying similar value analysis for where you send each log is equally important. Not all logs should be sent to the SIEM! Only logs that drive a known detection should be sent to SIEM. All others used in supporting investigations, enrichment, and threat hunting should go to the security data lake. An intelligent data pipeline can make on-the-fly routing decisions for each log and further reduce your costs.

    

    

**Focus Detection and Prevention Closest to the Threat**

_**Takeaway: Product-native detections have gotten dramatically better; the SIEM should be a last line of defense.**_

The SIEM used to be one of the only tools that could correlate and analyze raw logs and identify alerts that need to be addressed. This was largely a reflection of other tools being single-purpose and generally bad at identifying issues by themselves. As a result, it made sense to ship everything to the SIEM and create complex correlation rules to sort the signal from the noise.

Today's landscape has changed with endpoint detection and response (EDR) tools. Modern EDR is essentially SIEM on the endpoint. It has the same capabilities to write detection rules on endpoints as the SIEM has, but now there is no need to ship every bit of telemetry data into the SIEM.

EDR vendors have gotten markedly better at building and maintaining out-of-the-box detections. We have consistently seen a sizable decrease in detections and preventions attributed to the SIEM during our purple team engagements in favor of tools like EDR and next-generation firewalls (NGFW). There are exceptions like Kerberoasting (which on-premises AD doesn't have much coverage for). As you move to pure cloud for AD, even those types of detections will be handled by "edge" tools like Microsoft Defender for Endpoint.

**Play to Your SIEM Strong Suit**

_**Takeaway: Having a deliberate process to consistently measure and improve your detection capabilities is far more valuable than having any specific SIEM tool on the market.**_

Purple teaming across industries and detection ecosystems has allowed us to understand the efficacy of many modern EDR, NGFW, SIEM, and other tools. We score and benchmark purple team results and trend the improvements over time. We have found over the past five years that the SIEM you buy has no measurable correlation to purple team scores. Process, tuning, and testing are what matter.

SIEM tools have architectural differences that can make one a better or worse fit for your environment, but buying a specific SIEM to significantly improve your detection capabilities will not prove out. Instead, focus your efforts on dashboards and correlations that support threat-hunt and incident-response efforts.

**Align EDR, SIEM, and SOAR in Your XDR Architecture**

_**Takeaway: Security automation and artificial intelligence (AI)-enhanced triage is the future but should be approached with caution. Not all automation needs to exclude all human involvement.**_

The future of XDR is coupled with tightly integrated security orchestration, automation, and response (SOAR) technologies. XDR concepts recognize that what really matters is **not how fast you can detect a threat, but how fast you can neutralize a threat.** _"If this – then that"_ SOAR automation methodologies aren't effective in real-world scenarios. One of the best approaches we've seen in XDR automation is:

*   Conduct a purple team exercise to identify which current detection events are optimized (very low false positive rates) and can be trusted with an automated response.
*   Create an automated response playbook but insert human intervention steps to gain confidence before you turn it fully over to automation. We call this "semi-automation," and it's a smart first step.

XDR is a buzzword, but when viewed in a technology-agnostic fashion, it is based on good foundations. Where organizations are most likely to fail is applying legacy SIEM management philosophies to modern XDR architectures. These program design philosophies will likely improve your capabilities and reduce your costs.

**About the Author**

    

Mike Pinch joined Security Risk Advisors in 2018 after serving 6 years as the Chief Information Security Officer at the University of Rochester Medical Center. Mike is nationally recognized as a leader in the field of cybersecurity, has spoken at conferences including HITRUST, H-ISAC, and has contributed to national standards for health care and public health sector cybersecurity frameworks. Mike focuses on GCP, AWS, and Azure security, primarily in helping SOC teams improve their capabilities. Mike is an active developer and is currently enjoying weaving modern AI technologies into common cybersecurity challenges.

Architecting XDR to Save Money and Your SOC's Sanity

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2021-42307

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2021-34506

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2021-34475

CVE-2021-31982

By Waqas
According to Amazon, it has already taken significant action against 94 fraudsters operating in the United States, China, and Europe in May 2023.
This is a post from HackRead.com Read the original post: Amazon Files Lawsuits Against Fraudsters Peddling Fake Reviews

**Amazon’s action should come as no surprise that, just like the proliferation of fake news, fake reviews have also become a significant aspect of the underground scam market.**

In a determined effort to protect its customers and sellers from the growing menace of fake reviews, e-commerce giant **Amazon** has recently launched a series of lawsuits against fraudulent individuals and organizations.

These perpetrators, operating within an underground network known as the “fake review broker” industry, have been exploiting unsuspecting consumers and tarnishing the reputation of Amazon’s marketplace.

Amazon has invested substantial resources in advanced technologies, including machine learning models and expert investigators, to proactively combat fake reviews before they reach the eyes of customers.

In 2022 alone, the company successfully blocked over 200 million suspected fake reviews from appearing on its platform. Now, by targeting the facilitators of these fraudulent practices, Amazon aims to strike at the root of the problem and hold those responsible accountable.

Amazon announced significant actions taken against 94 fraudsters operating in the United States, China, and Europe. These actions were implemented as of May 2023, showcasing the technology giant’s proactive approach to tackling the issue at hand.

It should come as no surprise that, just like the proliferation of fake news, fake reviews have also become a significant aspect of the underground scam market. In fact, as of March 2020, fake reviews accounted for **50% of the threats** faced by Android-based devices, among other issues.

The seriousness of the issue is further exemplified by a notable incident in May 2021. During this incident, a misconfigured server inadvertently **exposed a staggering 7GB of well-organized schemes** employed by Amazon vendors to generate fake reviews for their products on the website.

According to a **press release** issued on June 28th, 2023, the legal actions filed by Amazon include four notable lawsuits against prominent perpetrators. Here is an overview of each case:

**Amazon v. Nice Discount:**

The owners and operators of Nice Discount have been accused of orchestrating a scheme to generate fake positive reviews and feedback through their “Product Tester Club.” Reviewers are enticed to leave fabricated positive reviews or feedback in exchange for refunds or monetary rewards. By connecting bad actors operating Amazon selling accounts with reviewers, the defendants have guided these individuals on when and how to post fake reviews, creating an illusion of authenticity. **Case No. 23-2-10603-2 SEA**.

**Amazon v. Littlesmm:**

The website Littlesmm has allegedly been selling packages of fake reviews to unscrupulous individuals operating Amazon selling accounts across Australia, Canada, and the U.S. Ranging in price from $20 to $440, these packages offer both positive and negative reviews. By employing Amazon customer accounts under their control, the defendants have orchestrated the posting of counterfeit positive reviews while simultaneously undermining their competitors’ product listings through fake negative reviews. **Case No. 23-2-10452-8 SEA.**

**Amazon v. MangoCity:**

The owners and operators of MangoCity have been accused of selling fake reviews for prices ranging from $50 to $4,000. Utilizing their website, video chats, and email correspondence, the defendants accept payments and subsequently deploy Amazon customer accounts to leave fabricated 5-star reviews on product listing pages. Additionally, they have targeted competitors by offering fake negative reviews on their products. Case No. 23-2-11278-4 SEA.

**Amazon v. Reddit Marketing Pro:**

The owners and operators of Reddit Marketing Pro have allegedly provided fraudulent services, including fake positive and negative reviews, to bad actors with Amazon selling accounts. In exchange for fees ranging from $99 for five fake reviews to $6,999 for 500 fake reviews, the defendants have employed Amazon customer accounts under their control to populate product listing pages with counterfeit reviews. They have also marketed fake “Questions and Answers” to manipulate the content displayed. Case No. 23-2-11265-2 SEA.

In a comment to Hackread.com, Chris Downie, CEO of Edinburgh, Scotland-based anti-fraud platform **Pasabi** said, “Fake review brokers play a central role in poisoning consumer decision-making, destroying businesses and inflicting untold damage on the wider economy.”

Downie added that “Whilst it’s encouraging to see Amazon taking these fraudsters to task via the legal system, so much more needs to be done to tackle the growing fake review epidemic which influences around £4bn in UK consumer spending every year.”

“By harnessing the power of AI and the latest fraud detection anti-fraud technology, review aggregators and business owners need to work together to identify and block fraudulent reviews, stamping out the problem before it gets any worse,” added Downie.

Amazon chief **David Montague**, vice president of Selling Partner Risk, said, “Our goal is to ensure that every review in Amazon’s stores is trustworthy and reflects customers’ actual experiences. Amazon welcomes authentic reviews—whether positive or negative —but strictly prohibits fake reviews that intentionally mislead customers.”

“We continue to innovate on our proactive technology to detect fake reviews and other indications of unusual behaviour. Another way we fight fake reviews is through legal action. Not only are we targeting the source of the problem but we’re sending a clear message that there’s no place for abuse in our store and we will hold fraudsters accountable,” he added.

Despite Amazon’s aggressive stance against fake review brokers, the company recognizes that this is a pervasive global problem affecting multiple industries. To address this issue effectively, a collaborative effort between the public and private sectors is required.

By taking legal action against 94 fraudsters across the United States, China, and Europe, as of May 2023, Amazon is demonstrating its commitment to combatting this menace. However, the battle against fake review brokers demands ongoing vigilance and cooperation to ensure a safe and trustworthy online marketplace for consumers and sellers alike.

1.  Brand Protection is Essential for Cybersecurity
2.  42,000 phishing domains found posing as popular brands
3.  Microsoft pwns domains used by hackers for cyber attacks
4.  Memcyco Drops Real-Time Solution to Combat Brandjacking
5.  Indian call center seized over Amazon scam against US citizens

Amazon Files Lawsuits Against Fraudsters Peddling Fake Reviews

The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.

Taiwan Semiconductor Manufacturing Company (TSMC) — one of Apple's biggest semiconductor suppliers — on Friday blamed a third-party IT hardware supplier for a data breach that has exposed the company to a $70 million ransom demand from the LockBit ransomware group.

In an emailed statement to Dark Reading, TSMC confirmed multiple reports about the security incident but did not say what data specifically LockBit actors might have accessed from its systems and is holding for ransom. The statement, however, described the incident as not affecting any of TSMC's business or customer information.

**Third-Party Breach**

"TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration," the statement noted. It identified the third-party supplier as Kinmax Technology, a Hsinchu, Taiwan- based systems integrator that claims to work with numerous other major technology players, including Aruba, Checkpoint, Cisco, Citrix, Fortinet, Hewlett-Packard Enterprise, Microsoft, and VMware. It's unclear if any other customers are affected by the attack.

Meanwhile, a subgroup within the LockBit operation that calls itself the National Hazard Agency claimed that it has given TSMC up to Aug. 6 to pay the multimillion-dollar ransom or risk having the company's stolen data publicly leaked. The threat actor claimed that it would also publish what it described as "points of entry" into TSMC's network as well as passwords and login information for gaining access to it. The latter is catnip to cyberattackers given that TSMC is a juicy target: It reported a net income of some $34 billion on consolidated revenue of $75.8 billion in 2022.

TSMC said it had conducted a review of its hardware components and security configurations used in its systems, after Kinmax reported the incident, to determine the scope of the breach. "After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the company’s security protocols and standard operating procedures," the statement noted. The chipmaker said it remained committed to enhancing security awareness among its suppliers and in ensuring they complied with the company's security requirements.

**IT Supplier Downplays Incident**

Kinmax said it discovered the intrusion into its systems on June 29. The company described the attacker as having breached the company's engineering test environment and accessing system installation preparation information. 

"This is the system installation environment prepared for customers," Kinmax said in a statement on the incident. "The captured content is parameter information such as installation configuration files."

The statement appeared to downplay the seriousness of the breach. "The \[breached\] information has nothing to do with the actual application of the customer. It is only the basic setting at the time of shipment," the company said. The statement did not identify TSMC by name. But it somewhat bewilderingly claimed that the chipmaker (or others) had not experienced any negative consequences. "At present, no damage has been caused to the customer and the customer has not been hacked by it," the June 30 statement noted.

In the statement shared with Dark Reading, the systems integrator expressed regret over the incident. "We would like to express our sincere apologies to the affected customers, as the leaked information contained their names which may have caused some inconvenience. The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents from occurring in the future," the Kinmax statement said.

TSMC is the latest among a rapidly growing number of organizations that has experienced a data breach via a third-party compromise. News of the company's predicament comes even as reports continue to pour in about numerous organizations falling victim to the Cl0p ransomware gang because of a vulnerability in Progress Software's widely used MOVEit Transfer app. Victims of that campaign so far include biopharma giant AbbVie, Siemens, Schneider Electric, the University of California at Los Angles (UCLA).

Such breaches have brought IT supply chain security into sharp focus in recent years and made it a top priority in the Biden administration's May 2021 cybersecurity executive order.

Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier

The number of malware samples is up as attackers aim to compromise users where they work and play: Their smartphones.

Attackers are increasingly targeting users through their mobile devices, attacking vulnerabilities in services that are built into applications and mounting increasing numbers of SMS phishing attacks.

That's according to mobile security firm Zimperium's 2023 "Global Mobile Threat Report," which also found that the average number of unique mobile malware samples grew 51% in 2022, totaling an average of 77,000 unique malware samples found every month. About a quarter of application samples submitted to public repositories — 23% of Android apps and 24% of iOS apps — were malicious, according to data in the report.

In total, that all contributed to the number of compromised devices nearly tripling (up 187%) in the time period, because the tactics are working: The company saw an average of four malicious phishing links clicked per device, for instance.

The trend comes as companies and their workers rely increasingly on mobile devices, with a majority of firms seeing more workers (58%) using mobile devices for business than in 2021 and most users (59%) doing more work with their mobile devices, according to the 2022 "Verizon Mobile Security Index" report. 

"Businesses and users need to mostly be concerned about mobile phishing and spyware today, and mobile ransomware will become increasingly concerning in the near future," says JT Keating, senior vice president of strategic initiatives at Zimperium. 

**Android, iOS Devices See Different Levels of Cyber Threats**

About 80% of phishing sites specifically target mobile devices with content suited to those platforms, Zimperium stated in its 2023 "Global Mobile Threat Report." But, as has been the case for many years, the Android platform tends to attract more threats. One of the reasons for that could be that the Android operating system has seen between about 500 and 900 vulnerabilities disclosed per year that threat actors can target; iOS meanwhile saw a little more than 300 vulnerabilities in five of the last eight years, according to Zimperium. 

Another reason that Android is a bigger target? App development mistakes. The firm found that there are more mistakes made in the process of developing apps when it comes to Android, particularly when it comes to how those apps interact with cloud storage instances. Only about 2% of iOS applications access unprotected cloud instances, while 10% of Android apps do so. These include database instances accessed through Google Firebase and Cloud Platform, Amazon Simple Storage Service (S3), and Microsoft Azure Cloud Storage, according to Zimperium's report. As a corollary, developers also tend to access the same poor resources, too: Only 1% of unprotected cloud instances accounted for 60% of applications at risk, the company said.

Georgy Kucherin, a security expert at Kaspersky's Global Research and Analysis Team (GReAT), says his firm's research bears out the finding that Android attracts more overall threats, though he notes that when it comes to spyware the targeting is evenly split between the two ecosystems; the recent Triangulation cyber espionage campaign for instance shows the value in targeting the iOS platform.

"Mobile users should worry about both cybercrime threats and nation-state espionage, \[but\] it is correct to say that Android faces more general threats," he says. "Android devices are more likely to become infected with malware distributed by cybercriminals. As for top-notch espionage spyware, both iOS and Android are vulnerable to it."

The lack of jailbreaking utilities for the latest version of iOS is also lowering the number of attacks for that platform, according to Zimperium. Jailbreaking allows users to add non-Apple-sanctioned software to their mobile devices, but it also removes significant security guardrails in the process. 

**Threats Up, or Leveling Off?**

In terms of the types of mobile malware that's circulating out there, Kaspersky saw fewer mobile malware installers and less ransomware in the past year, but more banking Trojans, it stated in "The Mobile Malware Threat Landscape in 2022" report.

"Cybercriminals are still working on improving both malware functionality and spread vectors," according to the report. "Malware is increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware."

To put all of this into perspective, it should be noted that traditional computing platforms still attract the lion's share of the cybercrime pie. Kaspersky, for example, blocked more than 20 million malicious installers, spyware, and adware attacks on mobile devices over the last four quarters, but blocked more than 20 times that number against more common work platforms, such as Windows. However, the mobile threat vector is not as well protected. 

"In most cases, mobile devices represent a significant, unaddressed attack surface for enterprises," Zimperium's Keating says. "No matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical."

Tag

#microsoft