New and Noteworthy: ChatGPT Makes Waves Inside and Outside of the Tech Industry
Since it was made publicly available in December, ChatGPT has prompted all sorts of reactions from both inside and outside technology circles. Microsoft, which previously invested $1B into ChatGPT creator company OpenAI, indicated it will invest another $10 billion into the company and that it would incorporate AI into all of Microsoft’s tools. (1) Cybercriminals also seem to see the potential in ChatGPT; some security researchers reported seeing evidence that cybercriminals are abusing the tool to create or improve malware, or to create offensive tools to support cybercrime. (2, 3) In other fields, ChatGPT is being met with some concern. For example, several large US school districts have already banned student use of ChatGPT for fear that it could be used to cheat or to shortchange the learning process. (4) Most recently, rock artist Nick Cave blasted a song written by ChatGPT in the style of his music, saying it ‘sucks’ and that any song ChatGPT creates will always be a replication. (5)
In December’s EclecticIQ 2022 Retrospective, the Intelligence and Research team wrote that ChatGPT and similar applications ‘present significant disruptive potential’ and ‘present enormous creative challenges in 2023, not only for cybersecurity defenders and analysts but for the global professional workforce.’ (6) That prediction seems even more prescient given these strong positive and negative reactions to ChatGPT from some circles. What seems clear at this point is that the potential applications of ChatGPT and similar tools are just beginning to be recognized, and there are as many reactions to the technology as there are applications for use. Furthermore, ChatGPT’s initial success will prompt other companies to attempt to emulate it, lest they miss out on lucrative deals or paradigm-changing technology. EclecticIQ’s Intelligence and Research team will continue monitoring the news surrounding ChatGPT and its many uses as its potential is realized.
Threat Actor Update: LockBit Ransomware Group Makes News Providing Decryption Key to Children’s Hospital
In late December, the LockBit ransomware group apologized to the Toronto Hospital for Sick Children and provided the hospital with a decryptor for its malware after the organization fell victim to an attack using LockBit’s ransomware. LockBit issued a public apology, clarifying that the affiliate who carried out the attack had been blocked from working with LockBit in the future. (7, 8) LockBit has been behind several high-profile attacks recently, including attacks against the UK Royal Mail earlier this month and the Port of Lisbon in late December. (9)
It may make a good headline when a ransomware group gives a decryption key to a children’s hospital, but a deeper look reveals there’s more to the situation. It shows some of the risks that cybercriminal groups take on when they work with affiliates: they may not know exactly who they are working with, nor will they always have complete insight into the intended victims or into how their malware will be used. This opens the door to the malware being used against organizations that the developers do not want to target, as was the case here. It also illustrates that organizations on ransomware groups’ “do not target” lists are not necessarily safe. It only takes one affiliate who ignores or is ignorant of the guidelines to target hospitals like the one in this story. Furthermore, according to the news article, two weeks passed before LockBit provided the hospital with the decryption key, so the hospital still likely suffered shortcomings in patient care and disruptions to its business operations during that time.
Malware: Google Search Ads Used to Spread Malware
In late December, the FBI issued an announcement alerting the public to the potential for malware to be pushed via advertisements appearing in Google search results. According to the alert, cybercriminals are purchasing advertisements that appear to be the intended search result but which redirect searchers to malicious sites. These illegitimate sites may prompt users to unwittingly download malicious programs or to provide login information or financial credentials. (10) This technique has resulted in instances of victims downloading the IcedID malware loader and a variant of Raccoon Stealer. (11) Security researchers have stated that some of the URLs do not currently have any hits on VirusTotal. (12)
EclecticIQ analysts recommend following the FBI-provided guidance for avoiding this technique. Specifically, users should double-check URLs for accuracy before clicking on them, type a known URL directly into the browser address bar, or use an ad-blocking extension when browsing the internet. (10) And of course, IT systems and devices should be equipped with up-to-date antivirus software to quickly detect any malware that may have been unintentionally downloaded and alert users to it.
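To make the “double-check the URL” advice concrete, here is an added example (not code from the EclecticIQ post or the FBI alert) that compares a link’s host against a constructed allowlist of brand domains and flags near-miss lookalikes such as typosquats or a brand name buried under an unrelated domain. The allowlist, the sample URLs and the naive two-label “registrable domain” logic (no public-suffix list) are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Constructed allowlist: the domains a user actually intends to reach
# when searching for a piece of software or a service.
KNOWN_GOOD = {"example.com", "example-software.org"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Classify a URL as 'trusted', 'lookalike' or 'unknown' against KNOWN_GOOD.

    'lookalike' means the host is not an allowlisted domain but either embeds
    an allowlisted brand name (e.g. example.com.evil-host.net) or is within
    two edits of an allowlisted domain (e.g. examp1e.com).
    """
    if "://" not in url:
        url = "//" + url  # urlparse only sees a host after a scheme or "//"
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Naive registrable domain: last two labels (assumption; no public-suffix list).
    domain = ".".join(labels[-2:]) if len(labels) >= 2 else host
    if domain in KNOWN_GOOD:
        return "trusted"
    for good in KNOWN_GOOD:
        brand = good.split(".")[0]
        if brand in host or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links of the kind a user might see in a search result.
    for link in ("https://www.example.com/download",
                 "https://examp1e.com/download",
                 "https://example.com.downloads-evil.net/setup",
                 "https://unrelated-site.net/"):
        print(f"{check_url(link):9s} {link}")
```

A 'lookalike' verdict is a prompt to stop and type the known URL directly, as the guidance above recommends; 'unknown' simply means the host is not on the list and deserves the same scrutiny.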
About EclecticIQ Intelligence and Research
EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Intelligence and Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.
We would love to hear from you. Please send us your feedback by emailing us at email@example.com or fill in the EclecticIQ Audience Interest Survey to drive our research toward your priority area.
Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack.
TAXII v1 Discovery services: https://cti.eclecticiq.com/taxii/discovery
Please refer to our support page for guidance on how to access the feeds.
References
1. Microsoft says it will roll out ChatGPT on its own AI service after reports it will invest $10 billion into OpenAI (msn.com)
2. Hackers are using ChatGPT to write malware (TechRadar)
3. Hackers are using ChatGPT to write malware, build data-encryption tools, researchers find (axios.com)
4. Seattle Public Schools bans ChatGPT; district ‘requires original thought and work from students’ (msn.com)
5. Rock legend Nick Cave excoriates San Francisco’s ChatGPT ‘travesty’ (msn.com)
6. EclecticIQ Retrospective: A Look at the Themes & Events That Shaped the 2022 Cyber Landscape (EclecticIQ)
7. Ransomware group LockBit apologizes saying 'partner' was behind SickKids attack (CBC News)
8. LockBit ransomware gang says sorry, gives free decryptor to SickKids hospital (Tripwire)
9. LockBit cartel suspected of Royal Mail cyber attack (Computer Weekly)
10. Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users (FBI)
11. Hackers abuse Google Ads to spread malware in legit software
12. Twitter: Will Dormann tweet, 17 January 2023