Merlin Labs Memo -- Week of June 19-23

ominous graphic of a hacker typing next to a raccoon to illustrate the Raccoon malware

Over 100K ChatGPT Account Credentials Stolen by Raccoon Malware

Group-IB, a Singapore-based cybersecurity firm, announced this week the discovery of credentials associated with more than 100,000 compromised ChatGPT accounts being offered on illicit dark web marketplaces. It appears that the credentials were obtained through the Raccoon information-stealing malware. The information in this article should not be a surprise and follows previous articles discussing the 200-300% month-to-month increase in AI-generated YouTube videos linked to stealer malware. Alongside Raccoon, Vidar and RedLine are other examples of info-stealer malware – a growing threat in today’s AI-driven worldwide cybersphere. -- Via Infosecurity Magazine

Our Take: There must be some irony in a story about credentials for AI software accounts (OpenAI Language Model ChatGPT) being stolen by info-stealer malware that was likely delivered through AI-generated web content. Week in and week out, we see the same stories. It needs to stop – and that’s going to require us to stop:

  • Stop clicking on links… basically any links being presented by unsolicited emails, advertisements, websites or social media sites. If you see a link that is intriguing – STOP and go directly to the website that appears to be making the offer. And if a link’s promise seems too good to be true or too urgent to ignore – ignore! Assume it’s malicious.
  • Stop with the pirated software. It’s illegal, unethical, and very likely to be infected with malware. Be a part of the solution here and stop rewarding this bad behavior with your ready cooperation. It’s hard to get angry with hackers when you make it this easy for them.
  • Stop thinking a password is enough, especially a stale overly simple one that you’ve reused 1000 times in some way, shape or form and can be easily guessed by your second cousin once removed. Until passwords are entirely replaced with passkeys or some yet-to-be-invented tech, make them obscure, consider a passphrase, change them frequently, use a password manager if possible, and please add a large side of enabled multi-factor authentication (MFA). You won’t stop hackers, but you’ll definitely make it a lot harder for them to do their thing.
  • Stop entering anything that remotely resembles sensitive, specialized, confidential, proprietary, self-identifying, or differentiating information into tools like ChatGPT. All of that gets saved… and interpreted… and reused… and potentially exposed through any number of malicious and non-malicious scenarios. Think of ChatGPT as your teenage diary. It seems safe enough to share those thoughts in the privacy of your own room until your younger brother sneaks in, grabs it from under your mattress and shares it with all his friends. If it isn’t something you would share with the world, don’t share it with ChatGPT or any other generative AI tool for that matter.

This is far from the first, and even farther from the last article we will see declaring breaches and data being compromised with the help of AI. And to end my take on a more positive note – let's talk about something you should do instead of all the things you should stop doing. Do – invest in a real-time threat intelligence platform (TIP) that includes elements such as a SOAR (security orchestration, automation and response), SIEM (security information and event management), DLP (data loss prevention) and encryption, and endpoint detection and response (EDR), as well as the more fundamental tools such as malware detection, identity and access management (IAM), password management, backup and recovery capabilities, and next gen firewalls to name a few. Automation across and throughout a cybersecurity threat intelligence platform is a key capability – pitting machine intelligence against machine intelligence. It’s time to refresh that cybersecurity stack and begin fighting fire with fire. -- Sarah Hensley

Additional Reading:

Preventing Data Breaches: The Role of Threat Intelligence Platforms And Cybersecurity Strategies (Forbes)

Infostealers Spread Via AI-Generated YouTube Videos (Infosecurity Magazine)

Group-IB Discovers 100K+ Compromised ChatGPT Accounts on Dark Web Marketplaces; Asia-Pacific region tops the list (Group-IB)


Apple smartwatch on top of a FitBit
Image by forthwithlife is licensed under CC BY 2.0. -- https://www.forthwithlife.co.uk/

Army's CID Warns Personnel About Suspicious Smartwatches

The U.S. Army’s Criminal Investigation Division (CID) is urging military personnel to be on the lookout for unsolicited, suspicious smartwatches in the mail, warning that the devices could be rigged with malware. Service members across the military have reported receiving smartwatches unsolicited in the mail. When used, these smartwatches have auto-connected to Wi-Fi and begun connecting to cell phones unprompted, gaining access to a myriad of user data.

These smartwatches may also contain malware that would grant the sender access to saved data to include banking information, contacts, and account information such as usernames and passwords.

Malware may be present which accesses both voice and cameras, enabling actors access to conversations and accounts tied to the smartwatches.

Our Take: We were taught at a young age, don’t take candy from a stranger. During Halloween, if we received candy where the packaging had the slightest hint of being tampered with, it would go straight into the dumpster. Fast forward a bit, I can clearly remember when flash drives were $50 for a 32MB drive from the big blue box store. I later received company branded drives from employers, conferences, and trade shows, being handed out side-by-side with stickers and koozies. Who doesn’t love free swag?

Today, we are all educated to the point of not trusting any random flash drive, whether handed to us or found in the parking lot. Even better, we have security tools in place that prevent flash drives from even functioning on our endpoint devices. Yet here we are where smartwatches are being sent to our military. How do children, let alone grown professionals, resist the temptation of a brand-new smartwatch? For starters, we can raise awareness by communicating and educating our community together. -- Tony Ko

Additional Reading:

CID Lookout: Unsolicited Smartwatches Received by Mail (Army CID)

Randomly received a smartwatch? Don't turn it on, investigators warn (C4ISRNET)

US Military Personnel Targeted by Unsolicited Smartwatches Linked to Data Breaches (HackRead)

You've got mail: US Army personnel receive suspicious smartwatches (Cybernews)

US Military Personnel Receiving Unsolicited, Suspicious Smartwatches (SecurityWeek)


digital lock showing an intricate system, designed to show a cybersecurity approach with many tools, etc.

Consolidating Security Solutions? Consider These Gotchas...

Even though the nation isn’t in the recession it was predicted to be in at this time, IT leaders are nevertheless looking to cut costs through consolidating vendors. Let’s take a look at the benefits and possible downsides of such a move.

Our Take: The benefits are attractive: consolidating vendors offers a simplicity of billing arrangements and vendors frequently promise seamless integration with their full platforms of tools. Some would even tout a reduction in total security staff needs with a slimmed-down toolset.

Here comes the “however,” so brace yourselves for some drawbacks.

There’s a difference between reducing the number of vendors and reducing the areas of security being considered. Dropping vendors purely for cost-cutting measures means a corresponding increase in risk, especially if parts of the enterprise go from being protected to becoming dark, vulnerable places for attackers to both plunder and carve out a base in.

Integrating tools, even from the same vendor, is not a given. It would do any executive well to have independent views telling their war stories about integrating tools. There will be vendors that had smooth integrations and others where the actual experience did not live up to the marketing promises. For tools that integrate smoothly, get a list of tips and tricks from those who have had that success and follow their playbooks. Where one can’t find a good example of a successful integration, look beyond the short-term gains to consider the long-term costs.

Speaking of long-term costs, we have to ask questions about dropping one vendor’s tool in favor of another. Will the protection be the same? How much will it cost to train the staff on the new tool? Are there long-term deals that lock us in for the time being? Will we have to rewrite our processes after adopting the new tools?

Consolidating tools, overall, is a strong idea, but it’s by no means a slam-dunk case in favor of consolidation. Sleep on it at least one night before finalizing any decisions to consolidate. -- Dean Webb

Additional Reading:

Even With No Recession, Smaller Firms Aim to Consolidate Security Tools (Dark Reading)

The 2023 State of IT (SWZD)


Readers of our Newsletter: What’s working, what’s not, and what’s on your mind? Leave a comment below or email [email protected]. Thank you!
