Cyber Vigilance Update

Today’s Connection

Cyber Engage Update - 05/05/2023 V2 (#23) (#24) (#25) (#26)

Office Alert

ChatGPT – more than helping write documents

AI is even more helpful for Cyber Criminals!

It is difficult to overstate the impact of the current viral adoption of AI and its long-term ramifications. These essential characteristics, combined with pervasive infrastructure to deliver these capabilities as a service, are sure to create large-scale challenges quite soon.

Those who wish to, can potentially exploit AI-driven systems like ChatGPT across various aspects of cyberattacks including enumeration, foothold assistance, reconnaissance, phishing, and the generation of polymorphic code.

Adversarial AI attacks and ChatGPT-powered social engineering are seen amongst the top five most dangerous new attack techniques being used by criminals. These are outlined as:

Improved enumeration to find attack points

ChatGPT-enhanced enumeration to find vulnerabilities can be effectively employed to swiftly identify the most prevalent applications associated with specific technologies or platforms. This information can aid in understanding potential attack surfaces and vulnerabilities within a given network environment.

Foothold assistance to gain unauthorised access

Foothold assistance refers to the process of helping criminals establish an initial presence or foothold within a target system or network. In the context of using AI tools, foothold assistance might involve automating the discovery of vulnerabilities or simplifying the process of exploiting them, making it easier for attackers to gain initial access to their targets.

Reconnaissance to assess attack targets

Reconnaissance, in terms of cybersecurity, refers to the initial phase of gathering information about a target system, network, or organisation before launching an attack. This phase helps them identify potential vulnerabilities, weak points, and entry points that they can exploit to gain unauthorised access to systems or data.

Reconnaissance is typically carried out in three ways:

  • passive,
  • active
  • social engineering

Gathering comprehensive data, such as directories of corporate officers, can be a daunting and time-consuming process, however, by leveraging ChatGPT, users can pose targeted questions, streamlining and enhancing data collection processes for various purposes.

More effective phishing lures

Through AI-powered tools, criminals can now effortlessly craft legitimate-looking emails for various purposes. Issues such as spelling errors and poor grammar are no longer obstacles, making it increasingly challenging to differentiate between genuine and malicious correspondence.

Rapid advancements in AI technology have significantly improved the capabilities of those seeking to, to create deceptive emails that closely resemble genuine correspondence. The flawless language, contextual relevance, and Personalised details within these emails make it increasingly difficult for recipients to recognise them as phishing attempts.

Develop malicious polymorphic code more easily 

Polymorphic code refers to a type of code that can alter itself using a polymorphic engine while maintaining the functionality of its original algorithm. By doing so, polymorphic malware can change its “appearance” (content

Market adoption of AI will parallel cloud adoption trends and primarily use the cloud delivery model.


What can I do?

  • Do not rely solely on AI and ensure that any security arrangements that you have cover this product
  • Report any changes or impacts to your systems

Home Alert

Malware Advice for Android Users 

NOTE: Apple Users be aware!

A piece of Malware called Goldoson that can steal data and commit click fraud has hitched a ride into 60 of Android’s mobile apps. This unwanted hitchhiker arrived via an infected third-party library with more than 100 million downloads sourced from the official Google Play store.

This malware can collect lists of applications installed, as well as sniff out the location of nearby devices via Wi-Fi and Bluetooth. The malware requests permissions to access location, storage, or the camera at runtime from devices running Android 6.0 or higher. It also can perform ad fraud by clicking advertisements in the background without the user's consent or knowledge. While the malicious library was made by someone else, not the app developers, the risk to installers of the apps remains.

The existence of Goldoson demonstrates once again how swiftly malicious activity can spread when it's a part of third-party or open source components that developers build into applications without knowing that they are infected.

Indeed, this ability to gain a large malicious footprint quickly and without organisations or developers knowing — and thus before they can react — has not been lost on attackers. As a result, they are increasingly targeting the software supply chain with malware  — and will continue to do so as their successes mount.

What can I do?

Demand Transparency - Transparency across organisations and developers' teams appears to be the best way to mitigate software supply chain issues.


This week's Training module


Cyber Threat Reporting (1/1)

Cyber Security Vigilance Program

Version 16-11-2022

Cyber Security Vigilance