AI Powered Social Media
The Future of Social Threats

aI Powered Social Media

Implications for your Business and Home

The threats detailed below have become even more prevalent, sophisticated, and harder to detect. All are part of a larger trend in which the efforts and attack techniques used by hackers are increasingly complex and targeted.

UNITED STATES AUSTRALIAN FOOTBALL LEAGUE

Business Threats

Adversarial Social Media

Coming Soon to Screens Near Your Kids!
Adversarial AI, ChatGPT-powered social engineering, and paid advertising attacks are among the most dangerous emerging threats for 2023 and beyond.
The threats detailed below have become even more prevalent, sophisticated, and harder to detect. All are part of a larger trend in which the efforts and attack techniques used by hackers are increasingly complex and targeted.

Adversarial AI attacks

  • With adversarial AI attacks, the manipulation of AI tools to increase the pace of ransomware campaigns and identifying vulnerabilities within software is becoming more prevalent, and AI has changed the game for the bad guys.

ChatGPT-powered social engineering

  • ChatGPT-powered generative AI is now leveraged to exploit human risk – targeting the vulnerabilities of individual employees to breach their wide organisation’s network, including their families.

Third-party developer attacks

  • These attacks (also known as software supply chain attacks) chiefly arise from targeted attacks on third-party software developers to infiltrate enterprise networks through the supply chain.
  • For organisations across sectors, this threat underscores the criticality of effectively working in tandem with software developers to align security architectures, share threat intelligence, and navigate evolving attack techniques.

 SEO attacks and paid advertising attacks

  • Other dangerous, emerging threats include new SEO and advertising attacks (also called malvertising). The threats leverage fundamental marketing strategies to gain initial access to enterprise networks.
  • In these instances, criminals are exploiting SEO keywords and paid advertisements to trick victims into engaging spoofed websites, downloading malicious files, and allowing remote user access.

 

What can I do?

  • The good news is that even the smallest and youngest of businesses can defend against these attacks.
  • Awareness, vigilance, and education are vital weapons and the most critical line of defense. Ultimately, to shore up the best defenses in an “always on” hacker world, it’s vital everyone stays ahead of the curve and keep shape shifting the approach, whatever the threat.
  • Organisations need to deploy an integrated defence-in-depth security model that provides layered protections, automates critical detection and response actions, and facilitates effective incident-handling processes.
  • These threats heighten the importance of incorporating scalable user awareness training programs tailored to new threats.

Home and Home Office Threats

Tik Tok Surprises

Social Media can Burst your Bubble!
COVID-19 check-ins certainly got all of us used to scanning QR codes to enter places like restaurants and bars, and even now, many such places are still taking advantage of QR codes to allow ordering straight from the table. In the space of a year, QR code technology has become widespread and accepted by the public.

But this newfound trust in the technology has also created a new way for scammers to fleece their victims.

Media reporting recently highlighted the case of a Singaporean who scanned what looked like a QR code offering discounts on milk tea at her local bubble tea shop. She scanned the code, downloaded the proffered app and filled out a survey, no doubt thinking of the milky treat in her near future.

However, overnight, the downloaded app — which was, in fact, malware — activated, took over her device, and transferred $20,000 out of her bank account.

Besides website pop-up banners, which are most common, pasting bogus QR codes outside F&B establishments is another cunning way to hook victims as consumers may not be able to differentiate between legitimate and malicious QR codes.

Hopeful scammers are also posting similar notes near actual scan-to-pay signs and near traffic lights, hoping to entice even more victims.

The malicious app, when installed, asks users to give it access to the phone’s camera and microphone, as well as to enable the Android Accessibility Service — which is normally used by people with disabilities, and that lets the scammer see and even control the device’s display. The scammer can then harvest login details of the device, and other apps, particularly online banking apps.

 

By having control of a phone’s camera, scammers can monitor victims and choose the right time to act. By waiting until night, when victims are sleeping, they can act with near impunity -literally taking control of the victim’s device.

What can I do?

To reduce the likelihood of this occurring, we suggest that you:

  • Only use QR codes from recognised and trusted sources.
  • Avoid using QR codes for promotional purposes and avoid accessing them in public spaces.
  • If you wish to take up a promotion, try and use different methods and minimise how many times you allow control of your device.
homecross