I.T., Blog | Todd Swartzman

AI & ChatGPT Threats and the arrival of Fleeceware

Scammers are in rare form these days, especially with the arrival of mass news coverage of AI and ChatGPT. In today's blog, Todd answers questions about new scams and the biggest threats involving AI and ChatGPT. Todd also addresses the question of using AI or ChatGPT for business purposes.

What are the biggest threats to each of us right now?


Scammers are using AI and ChatGPT as a tool to create even cheekier scams than normal!

THE ARRIVAL OF FLEECEWARE

One of the more brazen scams is called Fleeceware, a type of mobile application (or website) that comes with excessive subscription fees you may quickly forget you’re paying. The ones oriented around these AI apps have catchy names like Genie – AI Chatbot. It can also be a website that looks like a legitimate site or uses a similar name to a trusted site to give a false sense of legitimacy.

The goal of these apps or websites is to get you to sign up for a weekly or monthly subscription to something you’ll quickly find out is pretty useless.

HOW WELL DOES THE SCAM WORK?

Sophos reports that the people who publish the Genie AI Chatbot app (still available in the Apple App Store, btw) are raking in $1 million a month in subscription fees for something that is better, and free, if you go to the source: https://openai.com/blog/chatgpt

IS THERE AN OFFICIAL OPEN AI IPHONE OR ANDROID APP FOR CHATGPT?

There is only one official app released as an iPhone app for ChatGPT and there is not one for Android, yet.

If you search the app store for ChatGPT, you’ll see dozens (maybe hundreds of apps) but only one is the official Open AI ChatGPT app. There isn’t an official app for Android yet, but there are more than a few pretenders available. 

The only official app OpenAI has published is for the iPhone; download it here: https://apps.apple.com/us/app/openai-chatgpt/id6448311069

SHOULD I BE SUSPICIOUS OF EMAILS RELATED TO CHATGPT?

The scams wouldn’t be complete without using the headlines to send phishing emails. The current hearings in Congress are news, and news means new subject lines for phishing emails.

There are new domain names popping up related to ChatGPT, many of which are common misspellings of legitimate domain names. BE EXTRA SUSPICIOUS of any email or text messages you receive with subjects or links related to ChatGPT. If you intend to use ChatGPT, be sure to access the service through the official OpenAI site, https://openai.com/blog/chatgpt
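One way to turn that advice into a repeatable check, as an added example that is not part of Todd's post: a small Python script that pulls every link out of a message and classifies it against an allowlist of the official domains the post points to (openai.com and apple.com), flagging the lookalike patterns behind misspelled-domain phishing: a trusted name buried as a subdomain of someone else's domain, a brand word inside an unrelated domain, and a registrable domain within a couple of edits of the real one. The allowlist, brand words, edit-distance budget and the sample email are constructed assumptions, and the registrable-domain helper is a simplification noted in the code.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: the official sites the post links to. Extend it with
# the domains your own organisation relies on (your M365 tenant, your bank...).
TRUSTED_DOMAINS = {"openai.com", "apple.com"}
# Brand words a scammer would want in a lookalike name (constructed list).
BRAND_TOKENS = ("openai", "chatgpt")
# Edit-distance budget for "common misspelling" detection (assumption).
MAX_EDITS = 2

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute), row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host, e.g. chat.openai.com -> openai.com.
    Simplification: a real deployment should consult the public suffix list
    (e.g. the tldextract package) so that names like example.co.uk work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unknown'."""
    host = (urlparse(url).hostname or "").lower()
    if not host:
        return "unknown", "no hostname in URL"
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted", f"{host} is under allowlisted domain {reg}"

    # 1. A trusted name used as a subdomain of someone else's domain,
    #    e.g. openai.com.example.net (the real owner is example.net).
    for trusted in TRUSTED_DOMAINS:
        if ("." + trusted + ".") in ("." + host):
            return "lookalike", f"trusted name {trusted} buried inside {host}, owner is {reg}"

    sld = reg.split(".")[0]
    # 2. Brand word inside a domain the brand does not own,
    #    e.g. chatgpt-account-verify.com.
    for token in BRAND_TOKENS:
        if token in sld:
            return "lookalike", f"brand word '{token}' in unrelated domain {reg}"

    # 3. Small edit distance from a trusted second-level label, e.g. opneai.com.
    #    Short labels are skipped to keep false positives down.
    for trusted in TRUSTED_DOMAINS:
        t_sld = trusted.split(".")[0]
        if len(t_sld) >= 5 and levenshtein(sld, t_sld) <= MAX_EDITS:
            return "lookalike", f"{reg} is within {MAX_EDITS} edits of {trusted}"

    return "unknown", f"{reg} is neither allowlisted nor a known lookalike"


def scan_message(text: str) -> list[tuple[str, str, str]]:
    """Classify every http(s) URL found in an email or text message body."""
    return [(url,) + classify_link(url) for url in URL_RE.findall(text)]


# Constructed sample message, modelled on the kind of lure the post warns about.
SAMPLE_EMAIL = """Subject: Your ChatGPT Plus trial expires today
Confirm your account at https://openai.com.account-verify.net/login
or read the announcement at https://openai.com/blog/chatgpt
and update billing at http://opneai.com/billing"""

if __name__ == "__main__":
    for url, verdict, reason in scan_message(SAMPLE_EMAIL):
        print(f"{verdict:9} {url}\n          {reason}")
```

An "unknown" verdict is not a pass: it only means the domain is neither on the allowlist nor an obvious imitation, so the safe habit the post describes still applies (type the official address yourself rather than clicking).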

SHOULD I USE CHATGPT FOR BUSINESS?

For businesses, these tools bring the added risk of your employees inputting sensitive information into them. Your best protection is to have a policy around the use of these AI tools, similar to the one you probably already have for social media usage.

If you have a legitimate business use for these AI tools, great – review their privacy policies and terms of use. You’ll have better privacy and control over how your data is used if you pay for a subscription rather than using the free versions.

Be sure to know how the service will use any data you give it before committing.

I.T., Blog | Todd Swartzman

4 Things Victims of Cybercrime Have in Common

Scott Augenbaum is a retired FBI Special Supervisory Agent, author, and keynote speaker specializing in cybercrime investigations. Scott shared his experiences this week of working with the victims of cybercrime over the past 20+ years, from huge multinational businesses to mom-and-pop retail shops. These are the four things that cybercrime victims have in common.


Scott Augenbaum, retired FBI Special Supervisory Agent


  • No victim ever expected it to happen.

  • Once the bad guys break in and steal your data, the chances of Law Enforcement fixing it are about ZERO.

  • The bad guys won’t go to jail.

  • Most victims could have prevented the attack.

NO ONE EVER EXPECTS IT TO HAPPEN

Quite common, and really, who expects to become a victim of crime anyway? In the online world, you are a target, usually of opportunity. We all receive phishing emails, sometimes dozens a day, so logically we’re all aware of this attack vector. Everyone should realize that a cyber event causing data loss and service interruptions is probable regardless of how large or small our companies are, with the odds depending on your industry. While we only hear about the big guys getting breached, like Target, Colonial Pipeline, Maersk, Experian, Sony, etc., understand that for every one of these headline grabbers there are hundreds or thousands of small businesses getting successfully breached that we never hear about. If we understand that the bad guys are always looking for victims, we should admit that it’s at least a possibility and take positive steps to reduce our risks.

LAW ENFORCEMENT CANNOT FIX IT

Law enforcement cannot fix it after it happens. It’s the nature of cybercrime – most people and businesses don’t know they have become a victim until after it’s happened. No one can turn the clock back on an attack unless you planned ahead with solid, tested backups and recovery processes, practiced how your business would respond to various cyber events, and took steps to reduce the likelihood of a successful attack. This doesn’t mean don’t notify law enforcement; there are financial crimes that need to be reported immediately in order to have a chance of recovering a fraudulent transfer, for example, but that is outside the scope of this article. Your Incident Response (IR) plans should outline your response based on the type of cyber security event experienced.

THE BAD GUYS WILL NOT GO TO JAIL

Due to the international nature of cybercrime, it’s very rare for someone to be held accountable for a crime. Even if they do get caught, the likelihood of you being made whole because of this is next to zero.

MOST VICTIMS COULD HAVE PREVENTED THE ATTACK

With simple preventative measures, you can reduce the likelihood of becoming a victim.

ABOUT SCOTT AUGENBAUM
After joining the Federal Bureau of Investigation (FBI) in the New York Field Office in 1988 as a support employee, Scott Augenbaum became a Special Agent in 1994 and was assigned to the Syracuse, New York Office, where he worked domestic terrorism, white collar and hate crimes, and all computer crime investigations. Author of the Book: The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business From Cybercrime

Interested in Five Simple Steps to Prevent a Cyberattack? Read our tips now.

I.T., Blog | Todd Swartzman

DON’T FREAK OUT - JUST USE MFA

Are you a business who is looking at a cyber insurance policy and just not ready to commit? Or, perhaps you haven’t renewed your cyber insurance policy recently? Read on, because this article is written just for you…

Requirements to get a policy are real! If you apply for a policy (or renew your policy) the following are hard requirements you need to have in place if you want to be covered. Don’t risk getting a ‘no’ from your insurance provider, be prepared starting with Multi Factor Authentication (MFA).

Cyber Insurance Prep for 2022


RATES ARE GOING UP

No surprise that rates are going up: we’ve been seeing SMB rates for cyber insurance rise as much as 100% or more. This is happening because some insurers are taking unacceptable losses and are raising rates accordingly. Other insurers are not renewing or offering new cyber insurance policies going forward. A few are “pausing” writing new policies, probably trying to decide if they can weather the storm.

MFA TO HELP AVOID COVERAGE REJECTION


MFA is required for the following:

  1. Microsoft 365 or other Hosted email services

  2. VPN users

  3. Remote Desktop Protocol (RDP) access, if you enable it

WHY DO THEY REQUIRE MFA?

The above three areas are where most cyber incidents begin, which is why insurers will not cover your business if you won’t take these very basic (and often no-cost) precautions. These days, not following this type of guidance is akin to inviting the bad guys in. Your business is NOT too small for the bad guys. They have an automated process which makes everyone a target, large or small.

WANT TO HEAR SOMETHING SCARY?

We received notice from our dark web monitor just yesterday that a client account was up for sale due to a phishing scam – this person’s email account credentials were up for sale and it was a current password! I logged in using the info the bad guys had, and lo and behold, someone from Russia was logged into the account too. Yikes! There was a 99.9% chance that this would not have happened if MFA had been in use.


ON AVERAGE, 1.2 MILLION MICROSOFT ACCOUNTS ARE COMPROMISED MONTHLY.

WHEW! CHECKLIST

1. Enable MFA for everyone using Microsoft 365, G-Suite, etc. and enforce this.

2. If you allow direct RDP access to computers and servers in your office, you really need to turn this off and pick a more secure method of remote access.

3. If you use VPNs for remote access, enforce MFA usage.

4. Train your folks to recognize social engineering attempts and phishing (the most common form of social engineering we see) attempts, along with clear guidance on what they should do when (not if) they encounter these situations.

5. Shore up your password policies. Require long, unique credentials for everything, backed up by MFA where possible. No password reuse either – it’s just inviting problems. Then, use a password manager to easily keep up with your good, unique passwords.

References

https://www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/ 

https://www.insurancebusinessmag.com/us/news/cyber/preparing-for-cyber-insurance-2022-renewals-319072.aspx

I.T., Blog | Deidre Frith

What lessons can we learn from the Colonial Pipeline ransomware event?

If your business falls victim to a ransomware attack or some other type of breach, how would your company handle recovery? In talks with business owners over the past couple of years, no one thinks too much about what recovering from an event looks like for them. At RealTime we hear “I’ll call you guys!” or “our insurance will handle it”, “our IT guy will deal with it.” Are these courses of action something to stake your business on? Let’s use a real world example happening now with Colonial Pipeline.


Blog: Todd Swartzman, RealTime Chief Information Security Officer

LET’S BEGIN AT THE END

Let’s go a bit out of order and focus on the end of these types of events, the recovery. After all, if your business falls victim to a ransomware attack or some other type of breach, eventually you will get to the recovery phase. Let’s use a real world example happening now:

COLONIAL PIPELINE EVENT/RECOVERY FACTS

  1. Event: May 5, 2021

  2. Recovery took five days, and there are still intermittent service interruptions happening.

  3. Budget? Unlimited. This was a recover at all costs exercise.

  4. Government help – there for the asking

  5. Temporary lifting of regulations to help deliver product.

  6. Colonial Pipeline paid $4.4 million in ransom within hours of the attack. They opted to pay the ransom because the company was unsure of the extent of the breach. The hackers provided the company access to a decryption program following the payment, but Colonial Pipeline was not able to immediately restore operations with the tool.

HOW WOULD THIS COMPARE TO YOUR BUSINESS RECOVERY?

  1. Do you have unlimited funding and is FedGov offering every assistance available to you?

  2. Can you go 24x7 until it’s recovered? What about your primary business serving customers, who’s going to do that while all hands are on deck dealing with the current fire? If you have one IT guy, this isn’t realistic, even if they did have the requisite skills, and they probably don’t.

  3. Do you assume you’ll only be down for a few days? Average time to recover a small business is about two weeks, but that can vary wildly.

CLOSING

CYBERSECURITY IS NOT JUST A TECHNICAL PROBLEM. IT’S A BUSINESS PROBLEM.

Use this as a lesson you can learn at someone else’s expense. Review your own controls, backups, response plans, insurance policy, and your budget to make sure that your plan is documented, understood, and most importantly is realistic.

CISA (Cybersecurity & Critical Infrastructure Agency) put out an alert on Best Practices for Preventing Business Disruption from Ransomware Attacks. And if you are curious, yes, Colonial Pipeline would be subject to adhering to CISA requirements as they are critical infrastructure.

Article link: https://us-cert.cisa.gov/ncas/alerts/aa21-131a 

I.T., Blog | Deidre Frith

Medical Centers impacted by ransomware around the U.S.

Medical Centers around the United States are becoming victims of ransomware. Now, during a time of COVID, it’s causing more hardship than ever before. We’ve selected three briefs to share with you about the results and difficulties these circumstances have created for medical facilities.

Greater Baltimore Medical Center Hit by Ransomware Attack

BY MIKE LENNON

The Greater Baltimore Medical Center in Towson, Maryland was hit by a ransomware attack that impacted computer systems and medical procedures, the healthcare provider said Sunday. In late October, the U.S. government warned hospitals and healthcare providers of an “increased and imminent” ransomware threat. The alert warned that threat actors are targeting the healthcare sector with the TrickBot malware in attacks that often lead to ransomware infections, data theft and disruption of healthcare services.

The ransomware attack is the latest of many that have impacted healthcare providers over recent months. In September, a ransomware attack forced the shutdown of more than 250 locations operated by Universal Health Services (UHS). Also in September, an attack shutdown IT systems at a hospital in Duesseldorf, Germany, resulting in the death of a woman after she had to be taken to another city for urgent treatment.

TrickBot has been updated with functionality that allows it to scan the UEFI/BIOS firmware of targeted systems for vulnerabilities, security researchers recently discovered.

UHS Shuts Down Systems in U.S. Hospitals Following Cyberattack

BY IONUT ARGHIRE

At the end of September 2020, Universal Health Services (UHS) shut down IT networks at multiple hospitals in the United States after being hit with a cyberattack. A Fortune 500 company operating more than 400 facilities in the United States, Puerto Rico, and the United Kingdom, the healthcare services provider has approximately 90,000 employees and claimed an annual revenue of $11.4 billion for 2019. While many said that patient care wasn’t critically affected, others detailed difficulties in receiving lab results or performing other types of investigations in a timely manner. There was also one unconfirmed report of patients dying due to such delays. Furthermore, Bleeping Computer and TechCrunch report that information from people with knowledge of the incident leads to the conclusion that the Ryuk ransomware was used.

As Hospitals Cope With a COVID-19 Surge, Cyber Threats Loom

BY ASSOCIATED PRESS

The (University of Vermont Medical Center) Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. health care providers hostage as COVID-19 cases surge nationwide.

The same day as UVM’s attack, the FBI and two federal agencies warned cybercriminals were ramping up efforts to steal data and disrupt services across the health care sector.

By targeting providers with attacks that scramble and lock up data until victims pay a ransom, hackers can demand thousands or millions of dollars and wreak havoc until they’re paid.

Ransomware is also partly to blame for some of the nearly 700 private health information breaches, affecting about 46.6 million people and currently being investigated by the federal government. In the hands of a criminal, a single patient record, rich with details about a person’s finances, insurance and medical history, can sell for upward of $1,000 on the black market, experts say.
