The Week in Security: Social engineering-attacks up with the rise of AI tools, Genesis Market seized

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: New research points to a trend in the rise of AI tools like ChatGPT with an increase in social engineering attacks. Also: Genesis Market, a stolen credentials warehouse, is seized by the FBI.

This Week’s Top Story

AI adoption contributed to the rise in sophisticated phishing and social engineering attacks

While the rise of generative AI tools such as ChatGPT has proven to be beneficial in some cases, it has also been found to be harmful in others. Cyber defense company Darktrace recently published a blog post summarizing new data collected from their customer base, which points out a correlation between increasing social engineering attacks with the rising use of AI tooling. Social engineering attacks, such as targeted phishing (also known as spear-phishing) pose a serious threat to organizations and are a common entry point for cyber attacks like ransomware.

The company’s chief product officer, Max Heinemeyer, said Darktrace saw a 135% increase in these “novel social engineering attacks” among their customers from January to February 2023. Heinemeyer also notes that this same timeframe aligns with the “widespread adoption of ChatGPT.” Heinemeyer doesn’t think that this similar timeline is a coincidence: “The trend suggests that generative AI, such as ChatGPT, is providing an avenue for threat actors to craft sophisticated and targeted attacks at speed and scale,” he wrote in the company’s blog post.

It’s important for organizations to take a step back and review the threat of social engineering in this new age of easy-access AI tooling. Organizations will not only need to bolster their threat detection and mitigation operations, but also their efforts around training and teaching their staff about social engineering attacks, as well as AI’s impact on this threat.

News Roundup

Here are the stories we’re paying attention to this week…

Notorious stolen credential warehouse Genesis Market seized by FBI (The Register)

A notorious source of stolen credentials, genesis.market, has had its website seized by the FBI. Genesis.market specialized in lifting "credentials, cookies, and digital fingerprints" and not only sold that data but offered a subscription service to provide up-to-date information on individuals it tracked.

Typhon Reborn stealer malware resurfaces with advanced evasion techniques (The Hacker News)

The threat actor behind the information-stealing malware known as Typhon Reborn has resurfaced with an updated version (V2) that packs in improved capabilities to evade detection and resist analysis.

Meet Rorschach, a new strain of ransomware hitting U.S.-based companies (Check Point Research)

A new ransomware known as Rorschach is targeting entities in the U.S., and abuses a signed component of a legitimate security product in its attacks, along with the threat actor's encryptor and injector tools.

ChatGPT linked to alleged leak of confidential information at Samsung (Interesting Engineering)

Less than a month after electronics giant Samsung introduced ChatGPT for its employees, the AI model has been linked to an alleged leak of confidential information. Sensitive information about the company's semiconductor equipment measurement data is among the content that has now become part of ChatGPT's learning database.

Researchers claim they can bypass Wi-Fi encryption, briefly, at least. (Naked Security)

Cybersecurity researchers in Belgium and the US recently published a paper scheduled for presentation later this year at the USENIX 2023 conference. In their research, they discovered that active adversaries might be able to shake loose at least some queued-up data from at least least some access points via Wi-Fi connection.