The GRIT Ransomware Report Is Out: Similar Spring Seasonality Trends & Four Newly Observed Groups

Posted in Commentary with tags on June 13, 2024 by itnerd

GuidePoint Security has released its monthly GRIT Ransomware Report, unveiling that May resulted in a 33% increase overall in ransomware activity compared to April 2024, indicating a degree of seasonality given a similar increase month-over-month in May 2023 relative to April 2023.

May 2024 closed with an increase in overall victim volume. However, a deep review reveals that the rise was driven disproportionately by LockBit’s 175 posted victims, accounting for 37% of the month’s total publicly posted ransomware victims.

Active Groups Rise: GRIT continues to observe YOY increases in the number of distinct ransomware groups operating, with 38 unique groups claiming victims in May 2024, denoting a 35.7% increase from May 2023, representing increased dispersion of activity from small versus big groups like Alphv/LockBit. 

Four Notable Newcomers: GRIT began tracking four newly observed ransomware groups, which distinguish themselves with relatively quick starts, posting nearly ten victims in May 2024, which places them in the middle of the pack amongst competitors by victim volume and exceeding operational tempo.

Threat Actor Spotlight: GRIT assesses Hunters International intends to continue to increase its victim volume, implementing triple extortion operations or escalated coercive tactics as it becomes better resourced and more mature.

You can read the full report here.

Leave a comment »

New AI Intel Exposes $45M Crypto Conversation Cybercrime Campaign & Malicious Money Mule Networks

Posted in Commentary on June 13, 2024 by itnerd

Netcraft has revealed malicious financial and technical infrastructure linked to confirmed conversational (pig butchering, advanced fee fraud, investment, and romance) scams originating from actual conversations with cybercriminals by replying to lure emails and texts to disrupt threat actor networks all in real-time using AI-based personas for continued dialogue.

Netcraft’s research includes discovering a vast network of criminal bank accounts spanning 73 countries and 600+ financial institutions, 17 mule accounts in a single conversation, the top 4 crypto wallet addresses contained a staggering $45M+ (1,000 BTC), 1 in 6 conversations with criminals resulted in the details of at least one bank account being sent. 

On average, criminals send more than 32 messages despite receiving only 15 replies. Standing out in the data is that criminals are eager to engage quickly and frequently and maintain these scams over an average of more than 47 days. Conversations end with requests to buy gift cards, cryptocurrency payments, online payment providers like PayPal, WhatsApp accounts, or money remittance services such as Western Union, email addresses, and phone numbers. 

Netcraft’s exchanges obtained 40+ total points of actionable intelligence, including money mules and email addresses; found hackers impersonating the investments team at Deutsche Bank on behalf of the Central Bank of Nigeria; and another scam conversation lasting a month and about 40 messages in which the fraudster offered up four bank accounts, two crypto wallets, and 1 set of money remittance details.

You can read the details here.

Leave a comment »

Police Arrest Three For Leaking Customer Data From Desjardins

Posted in Commentary with tags on June 13, 2024 by itnerd

Back in 2019, Desjardins got in trouble in a huge way. An employee swiped a whole lot of customer data. And the problems didn’t end there. They even had to settle a huge class action lawsuit out of court to make their problems go away. But today Desjardins got some good news. Three people were picked up by cops in Quebec in relation to this incident:

Laval police say they arrested three suspects Wednesday in connection to a massive data breach at Desjardins Group made public in 2019.

Imad Jbara, 33, and Ayoub Kourdal, 36, were charged with fraud, trafficking in identity information and identity theft. The third suspect has yet to appear in court.

An arrest warrant was also issued for a fourth suspect.

Honestly, I would love to see more arrests when these sort of things happen. That would serve as a significant deterrent to the forces of evil so to speak. It’s not going to happen, but one can hope.

Leave a comment »

Elon Musk Gets Community Noted And Trolled On Twitter Over His Apple Intelligence/OpenAI Rantings

Posted in Commentary with tags on June 12, 2024 by itnerd

This has become too funny. After going absolutely looney tunes because of Apple Intelligence and its association with OpenAI, then getting spanked by OpenAI, Elon is getting flack on Twitter. As in his own social media platform. Let me illustrate:

For starters he got community noted over the fact that what he said was factually incorrect. But it didn’t stop there. He then got trolled by Twitter users:

I think you get the point.

Elon at this point looks like a major loser because he did his “ready, fire, aim” thing that he’s known for. The fact that he calls himself an engineer and didn’t even get the basic facts right about Apple’s association with OpenAI shows that perhaps he is a loser. Thus he’s deserving of getting trolled by Twitter users. While I wish this would make him do some self reflection and alter his behaviour as a result, I’m asking for too much as Elon isn’t that sort of guy. Otherwise he would have done that sort of self reflection years ago, and we would not be talking about this as a result.

1 Comment »

OpenAI Fires Back At Elon Musk Over His Tweetstorm

Posted in Commentary with tags on June 12, 2024 by itnerd

I swear, this will be fun to watch.

You might recall that Elon Musk went absolutely insane on Twitter after the Apple Intelligence announcement because of the involvement of OpenAI. As part of that he was saying things that at first glance do not seem to be true. Well, OpenAI has decided to return fire via Fortune Magazine:

A top OpenAI executive defended her company against Elon Musk, a day after the billionaire CEO described the integration of OpenAI’s chatbot technology into Apple iPhones as “creepy spyware.”

“That’s his opinion. Obviously I don’t think so,” Mira Murati, chief technology officer at OpenAI, said on stage at Fortune’s MPW dinner in San Francisco on Tuesday. “We care deeply about the privacy of our users and the safety of our products.”

And:

In her answers on Tuesday, Murati hammered home the idea that OpenAI is intensely focused on user privacy and security. “We’re trying to be as transparent as possible with the public,” she said, adding that “the biggest risk is that stakeholders misunderstand the technology.”

I seriously think that this has less to do about what Apple and OpenAI are doing, along with user safety, and more to do with the fact that Elon isn’t involved. Or he’s afraid that this will destroy his Grok AI because of the scale of Apple and Open AI. So he’s being as mature as a two year old as a result. Although I will concede this point. By Murati saying that “We’re trying to be as transparent as possible with the public” does leave some room for doubt. Another thing to point out is that using OpenAI’s ChatGPT4 is a choice. As in every time Apple Intelligence feels that the query would benefit from using ChatGPT4, it will ask you. And Apple Intelligence removes user identifiable data from any query involving ChatGPT4. Which means that Elon’s rants aren’t valid. Thus it might be in everyone’s interest to ignore Elon .

Leave a comment »

HP Releases Their 2023 Sustainable Impact Report

Posted in Commentary with tags on June 12, 2024 by itnerd

Today, HP published its 2023 Sustainable Impact Report, developed in partnership with Oxford Economics, revealing how 76% of leaders believe technology is key to expanding economy opportunity and that artificial intelligence will help drive progress towards sustainability and social impact goals. The study of business executives and government officials in 10 countries found that business leaders are either already using AI or plan to in the next 1-2 years for goals such as increasing access to digital education (90%), workforce development (89%), and workforce diversity (86%).

The study also highlights an increased emphasis on mutual trust between the public and private sector, suggesting that collaboration remains essential for increasing adoption and digitization.

Canadian findings include:

  • 89% of Canadian business respondents feel supported by the government to pursue environmental and social initiatives, compared to a 72% global average.
  • 83% of Canadian business respondents trust government to implement policies to help invest in social progress compared to 72% globally.
  • 88% of Canadian officials trust the private sector to drive social progress.

You can read the full report here.

Leave a comment »

Horizon3.ai Appoints Jill Passalacqua as Chief Legal Officer

Posted in Commentary with tags on June 12, 2024 by itnerd

Horizon3.ai, a leading provider of autonomous security solutions, today announced the appointment of Jill Passalacqua as Chief Legal Officer (CLO), effective immediately. 

As Chief Legal Officer, Jill leads Horizon3.ai’s legal department, bringing extensive experience in advising prominent public and private technology companies. Her expertise is crucial for Horizon3.ai during its rapid growth phase, driven by the global adoption of their autonomous penetration testing solution, NodeZero™. This solution empowers IT teams, security professionals, consulting pentesters, medium and large enterprises, and MSSPs to continuously perform autonomous cyber risk assessments for themselves and their clients.

Before joining Horizon3.ai, Jill was the Chief Legal Officer at JumpCloud, where she played a pivotal role in shaping the company’s legal framework. She also held General Counsel positions at Harness and Avi Networks where she led the corporate legal strategy and operations, and facilitated substantial growth, including a successful acquisition by VMware. 

Before Avi Networks, Jill was at FireEye, where she managed the commercial team, built the global compliance and legal operations functions, and managed international expansion and M&A integration. Prior to FireEye, Jill spent 12 years at NetApp and was a key contributor to the growth and expansion of the legal department. She was responsible for corporate securities, public company reporting and compliance, commercial contracts, and building the company-wide commercial legal team. 

Jill serves on the board of directors of the Palisades Tahoe Community Foundation and has offered invaluable guidance as an advisor to several early-stage technology companies. Jill received her B.A. from the University of California, Los Angeles and her J.D. (Juris Doctor) from Santa Clara University.

Leave a comment »

Hackers Have Pwned Tile…. And It’s Not Good

Posted in Commentary with tags on June 12, 2024 by itnerd

For the three of you who still use Tile bluetooth trackers, I have bad news for you. The company has been pwned. And while this isn’t as bad as it could have been. It’s pretty bad. Here’s the key details:

A hacker has gained access to internal tools used by the location tracking company Tile, including one that processes location data requests for law enforcement, and stolen a large amount of customer data, such as their names, physical addresses, email addresses, and phone numbers, according to samples of the data and screenshots of the tools obtained by 404 Media.

The stolen data itself does not include the location of Tile devices, which are small pieces of hardware users attach to their keys or other items to monitor remotely. But it is still a significant breach that shows how tools intended for internal use by company workers can be accessed and then leveraged by hackers to collect sensitive data en masse. It also shows that this type of company, one which tracks peoples’ locations, can become a target for hackers.

“Basically I had access to everything,” the hacker told 404 Media in an online chat. The hacker says they also demanded payment from Tile but did not receive a response.

That’s not good. Now the limit of this hack is limited because Tile’s business fell off a cliff the second that Apple AirTags appeared. But if your data is still in Tile’s systems, you have a problem.

Sidebar: It may be too late now, but if you want to delete your Tile account click here.

Anyway, I want to point out how the hacker got in:

The hacker says they obtained login credentials for a Tile system that they believe belonged to a former Tile employee. 

That’s bad. Clearly Tile dropped the ball here. And that continued with how they responded to 404 Media. Check this out:

Tile told 404 Media in a statement “Recently, an extortionist contacted us, claiming to have used compromised Tile admin credentials to access a Tile system and customer data. We promptly initiated an investigation into the potential incident. Our investigation detected that certain admin credentials were used by an unauthorized party to access a Tile customer support platform, but not our Tile service platform. The Tile customer support platform contains limited customer information, such as names, addresses, email addresses, phone numbers, and Tile device identification numbers. It does not include more sensitive information, such as credit card numbers, passwords or log-in credentials, location data, or government-issued identification numbers.”

“We disabled the credentials and took swift action designed to prevent any future unauthorized access to the Tile customer support platform and associated Tile customer data. At this time, we are confident there is no continued unauthorized access to the Tile customer support platform,” the statement continued.

Tile suggested in its statement that it was not aware of what data had been taken until 404 Media shared samples of the data for more verification. “Once you supplied us with additional data, we investigated further and determined that it is likely data from the impacted Tile customer support platform.  We thank you for bringing this new information to our attention,” it read.

Tile also published a version of this statement on its website, but only after 404 Media contacted the company for comment and proved to it that the stolen data was accurate.

Tile did not respond directly when asked if the hacker had the required access to perform a location data request.

Clearly Tile is clueless. I am certain that this is not going to be the last of this story. And secondary attacks against Tile customers are sure to come. And the blame for this rests solely with Tile. They and their corporate masters Life360 going forward don’t deserve a cent from you going forward as they clearly don’t have a clue when it comes to keeping your personal data secure. Not that I am shocked by that.

Leave a comment »

Apple Intelligence Announced…. What Does An Expert Think Of It?

Posted in Commentary with tags on June 12, 2024 by itnerd

On Monday at WWDC, Apple announced Apple Intelligence which is Apple’s spin on AI. You can read the marketing fluff here. But if you want a FAQ that will answer all your questions, this should help you. But the bottom line is that it’s supposed to be truly useful while being truly private. In fact Apple spent a lot of time talking about the privacy aspects of Apple Intelligence and how the company is open to having people verify its claims. To get another perspective on this, Kevin Surace, Chair, Token & “Father of the Virtual Assistant” had this to say:

Apple has taken a “privacy and security first” approach to handling all generative AI interactions that must be processed in the cloud. No one else comes close at this point, and no one else has spelled out with full transparency how they intend to meet that high bar. More information can be found here: https://security.apple.com/blog/private-cloud-compute/.

Note that, at least for now, this is for Apple hardware product users who must trust that what they say to the AI is private to them and can never be stolen or learned from. It’s possible that some enterprises will evaluate the strength of this and allow their employees to use Apple devices with Apple Intelligence without fear.

Apple didn’t exactly state what silicon they used here. Is it a custom GPU cluster they designed or their own M4 processors, which include a neural engine and substantial GPU resources? But in typical Apple fashion, they have vertically integrated everything and taken ownership of its security from top to bottom. It’s impressive and ahead of AWS, Microsoft, and Google cloud offerings for LLMs thus far, even if it is just in support of Apple Intelligence features.

Apple has set the bar for absolute privacy and security of generative AI interactions. Everyone else will need to scramble now to meet this bar. This may allow enterprises to trust the Apple infrastructure for routine Apple Intelligence interactions, even those that include some corporate data.

Apple has developed its own foundation models that are very impressive but don’t yet beat out GPT-4. They publish their comparisons here: https://machinelearning.apple.com/research/introducing-apple-foundation-models. While Apple has not said what its partnership with OpenAI entails, they hint that when GPT-4 (or GPT-5 perhaps) is required for more accuracy, they will use it. To ensure absolute privacy, they would need to host it themselves in their Private Cloud Compute. They didn’t state that yesterday, so I suspect that the ink is still drying on those agreements with details to be worked out. But bouncing out to GPT-4 anytime won’t work. They suggested there would be an opt-in to that, so perhaps users give up some privacy when they opt to use GPT-4. How safe is OpenAI? They do provide various levels of private operation, but no one really knows how safe, secure, and non-sharing it actually is. While Apple has published an extensive security white paper, OpenAI has a short ChatGPT Enterprise privacy note, which certainly isn’t convincing Elon Musk it’s safe.

Apple has set the bar for absolute privacy and security of generative AI interactions. This may allow enterprises to trust the Apple infrastructure for routine Apple Intelligence interactions, even those that include some corporate data. This is a world-class effort, one where they are inviting security experts to poke holes in their approach. I’d say it appears as rock solid as anything we have seen.

All data to the cloud is encrypted, so a simple man-in-the-middle attack won’t work. From what they are saying, one would have to break into their network, but they don’t even have any debugging tools enabled in runtime—no privileged runtime access. They even took major precautions against actual physical access (basically breaking into the data center). They state that they have made this so secure and so encrypted with no storage of your information that it isn’t a target. I’d say this is state-of-the-art from the silicon to the outer doors of the facility.

Apple is stating that they are using their own foundation models in the network and the devices. That’s first and foremost. Then they note a partnership with OpenAI, to be used only when required, and they will also use the best of breed models. They seem to be hedging their bets here. OpenAI is a bit of a black box. But I suspect either Apple will host it themselves or demand a very private instance for their users, and users have to opt-in to its use. They failed to give us more details on the partnership, so time will tell, but it’s clear Apple takes privacy and security seriously, and they realize the hesitancy when they mention OpenAI. My bet is they will do this right, and it won’t be an issue.

While I don’t trust any company completely, I trust Apple more than I trust most companies. Thus I will be taking a dive into the Apple Intelligence pool when it comes out. If it improves Siri, that alone would be worth it. But in all seriousness, the privacy first approach is a win in my mind for users.

Leave a comment »

Today Is Patch Tuesday…. It’s Patching Time!

Posted in Commentary with tags on June 11, 2024 by itnerd

Today is “Patch Tuesday” and Neowin and Bleeping Computer have the list of fixes that are included for these patches for Windows 11 and 10. Those articles are worth a read.

 Tom Marsland, VP of Technology, Cloud Range, and Board Chairman of VetSec had these comments:

Today’s Patch Tuesday from Microsoft fixes a publicly disclosed zero-day, a design issue in the Domain Name System Security Extensions (DNSSEC) that could be exploited to cause a denial-of-service attack in vulnerable DNS resolvers. According to researchers that found the vulnerability (which had been present in DNSSEC for the better part of two decades), an attacker “could completely disable large parts of the worldwide Internet.”

This patch Tuesday fixed quite a few remote code execution vulnerabilities, however, the vulnerabilities do require local access to the vulnerabilities in question. These attacks could’ve taken the form of tricking users into opening malicious documents, or other forms of social engineering to exploit these systems and applications, which includes SharePoint, Visual Studio, Microsoft Office, and Microsoft Outlook.

While most of these items patched are not seeing exploits in the wild, it is important for system administrators and security personnel to make a judicious effort to patch systems as soon as possible after this release.

I would encourage you to read those so that you can see what’s been fixed and deploy these fixes when you can. Because installing these patches are an easy way to keep yourself secure.

Leave a comment »

« Older Entries
Newer Entries »