The January 2024 OptionOne Cybersecurity Briefing

By OptionOne Technologies

We searched through the most popular cybersecurity websites to bring you the latest industry news, updates, and tips.

Cybersecurity Threat News

Microsoft Shares New Guidance After “Midnight Blizzard” Cyberattack

Microsoft and Hewlett Packard Enterprise (HPE) fell victim to a cyber-attack by Midnight Blizzard, a Russian threat group known for its affiliation with Russia’s Foreign Intelligence Service (SVR), DarkReading reported. The group targeted Microsoft’s corporate emails and extracted sensitive data.

The attackers gained access through a compromised legacy test account using a password spray attack and routed their traffic through legitimate residential IP addresses to evade detection. The intrusion at Microsoft began in late November 2023; HPE disclosed in a recent SEC filing that the same group had breached its cloud-based email environment last May.

After gaining access to Microsoft’s environment, the threat actors identified and took control of a legacy test OAuth application, granting themselves full access to Office 365 Exchange mailboxes. They misused OAuth so that access to applications would survive even if the initially compromised account were disabled.

According to Tal Skverer from Astrix Security, “The success of the password spraying attack, in this case, was time-limited, so while they had [access], they created OAuth apps and consented to them, generating non-expiring OAuth access tokens to the attackers.”

Even if the initial account is disabled or deleted, some of these permissions can persist, allowing attackers to retain access. Microsoft’s latest guidance suggests organizations should audit privilege levels attached to all identities and implement anomaly detection policies to spot malicious OAuth applications.

Infosecurity Magazine also offered advice on how to counteract this threat. The news publication suggested the following:

  • Identify malicious OAuth applications by scrutinizing privileges that belong to unknown identities.
  • Eliminate insecure passwords and implement MFA, as well as employee education programs.
  • Leverage Microsoft Entra ID Protection to help identify threat activity.
  • Investigate suspicious OAuth activity, such as apps with application-only permissions, increases in app API calls to the Exchange Web Services API, and suspicious users creating an OAuth app that accessed mailbox items.
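The following added example is not part of the briefing or of Microsoft’s or Infosecurity Magazine’s guidance; it shows how the checks in the list above can be run as detection logic over audit data. The audit records, daily call counts, account names and the `appsec-admin` allowlist are all constructed for the example, and the record layout is a simplified stand-in for the real Entra ID and Microsoft 365 audit schema, not the actual field names. It flags application-only mailbox permissions, grants made by identities outside an allowlist, apps whose access outlives a disabled consenting account, and a sudden jump in Exchange Web Services calls by a single app.

```python
"""Added example: scan simplified OAuth audit records for the persistence
pattern described above and for a spike in EWS calls by one app.

All records are constructed; field names are illustrative, not the exact
Entra ID / Microsoft 365 audit schema.
"""
from collections import defaultdict
from statistics import median

# Application permissions that read mail with no signed-in user:
# full_access_as_app on Office 365 Exchange Online, Mail.* on Microsoft Graph.
APP_ONLY_MAIL_ROLES = {"full_access_as_app", "Mail.ReadWrite", "Mail.Read"}

# Constructed allowlist of identities expected to grant app permissions.
KNOWN_CONSENTERS = {"appsec-admin@example.com"}

# Constructed audit records; operation names follow Entra's wording,
# record shape is simplified.
AUDIT_EVENTS = [
    {"op": "Consent to application", "app": "legacy-test-app",
     "actor": "legacy-test@example.com", "scope": "User.Read"},
    {"op": "Add app role assignment to service principal", "app": "mailbox-sync-app",
     "actor": "legacy-test@example.com", "scope": "full_access_as_app"},
    {"op": "Add service principal credentials", "app": "mailbox-sync-app",
     "actor": "legacy-test@example.com", "scope": None},
    {"op": "Add app role assignment to service principal", "app": "hr-reporting",
     "actor": "appsec-admin@example.com", "scope": "Mail.Read"},
    {"op": "Consent to application", "app": "expense-tool",
     "actor": "alice@example.com", "scope": "Files.Read"},
]

# Constructed: accounts disabled after the incident (the sprayed test account).
DISABLED_ACCOUNTS = {"legacy-test@example.com"}

# Constructed daily EWS call counts per app: prior days, then the latest day.
EWS_CALLS_PER_DAY = {
    "hr-reporting":     [120, 130, 118, 125, 122, 131],
    "mailbox-sync-app": [0, 0, 0, 2, 3, 4800],
}


def audit_oauth_grants(events, disabled_accounts, known_consenters=KNOWN_CONSENTERS):
    """Return {app: sorted findings} for every app that merits review."""
    per_app = defaultdict(lambda: {"actors": set(), "app_only": False, "creds": False})
    for ev in events:
        rec = per_app[ev["app"]]
        rec["actors"].add(ev["actor"])
        if (ev["op"] == "Add app role assignment to service principal"
                and ev["scope"] in APP_ONLY_MAIL_ROLES):
            rec["app_only"] = True
        if ev["op"] == "Add service principal credentials":
            rec["creds"] = True

    findings = {}
    for app, rec in per_app.items():
        notes = []
        if rec["app_only"]:
            notes.append("application-only Exchange permission")
        if rec["actors"] - known_consenters:
            notes.append("grant by identity outside allowlist")
        # The persistence gap: the consenting account is gone, yet the app
        # still holds non-interactive access (app role and/or own credentials).
        if rec["actors"] & disabled_accounts and (rec["app_only"] or rec["creds"]):
            notes.append("access outlives disabled consenting account")
        if notes:
            findings[app] = sorted(notes)
    return findings


def ews_call_spikes(calls_per_day, factor=3.0, floor=50):
    """Flag apps whose latest-day EWS call count exceeds factor x the median
    of prior days; `floor` stops tiny absolute counts (0 -> 3) from alerting."""
    spikes = {}
    for app, counts in calls_per_day.items():
        if len(counts) < 2:
            continue
        prior, latest = counts[:-1], counts[-1]
        baseline = max(median(prior), 1)
        if latest >= floor and latest > factor * baseline:
            spikes[app] = round(latest / baseline, 1)
    return spikes


if __name__ == "__main__":
    for app, notes in audit_oauth_grants(AUDIT_EVENTS, DISABLED_ACCOUNTS).items():
        print(f"{app}: {'; '.join(notes)}")
    for app, ratio in ews_call_spikes(EWS_CALLS_PER_DAY).items():
        print(f"{app}: EWS calls {ratio}x above baseline")
```

In the constructed data, `mailbox-sync-app` trips all three grant checks and the EWS spike check, which is the combination the guidance above describes; `hr-reporting` shows that an application-only permission alone is only a review item when the grantor is a known owner. In practice the allowlist and the disabled-account set would be pulled from the directory rather than hard-coded.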

Sophos Explores How Large-Scale Scam Campaigns Are Made Possible by Generative AI

British security software company Sophos has conducted an insightful experiment exploring the misuse of generative AI to orchestrate large-scale scam campaigns. In presentations at several international conferences, the researchers highlighted how such campaigns use various types of generative AI to deceive victims into surrendering sensitive information.

The investigation revealed that although mastering this technology presents a steep learning curve for would-be scammers, the obstacles are unfortunately not as formidable as one would hope.

The experiment delved into the role of Large Language Models (LLMs) in simplifying the creation of scam websites. Traditionally, setting up a fraudulent web store demanded extensive coding skills and a deep grasp of human psychology.

However, the emergence of LLMs has significantly reduced such barriers, enabling individuals with basic coding skills to generate scam websites through interactive prompt engineering. The challenge lies in integrating the individually generated components into a functional scam site.

Sophos countered this challenge by creating a simple e-commerce template, customizing it using an LLM, and further automating the process using an AI tool, Auto-GPT. The result was a highly convincing scam website, relatively simple to construct, illustrating the dangerous potential of AI misuse.

Sophos says it is developing its own co-pilot AI model, intended to identify these new threats and automate security operations.

Zero-Day Exploits and Supply Chain Attacks Fuel Increase of Compromise Incidents

2023 set a new record for data breaches reported to the Identity Theft Resource Center (ITRC), CSO Online reported. According to the ITRC’s annual data breach report, these were largely fueled by zero-day and supply chain attacks.

A staggering 78% increase in data compromises from the previous year was noted, with the count rising to 3,205 from 1,801, setting a new record. The resurgence of organized criminal groups involved in identity crime, especially during the Russia-Ukraine conflict, and a significant rise in organized groups launching supply-chain attacks contributed to this alarming growth.

Factors such as an increase in the use of open-source software components and the complexity of modern software supply chains may have contributed to the rise in zero-day attacks. The ITRC report also highlighted that nearly 11% of all publicly traded companies were compromised last year, with industries like healthcare, financial services, and transportation reporting more than double the number of compromises as compared to 2022.

Experts suggest that given the rising trend in supply-chain and zero-day attacks, we could anticipate another year of increased breaches. The imminent advent of new AI tools, while beneficial for defenders, could also facilitate attackers in launching successful attacks more efficiently.

Cybersecurity Tips

AI-Driven Defenses Are Evolving—So Are AI-Driven Cyberthreats

The advancement of AI technology has significantly reshaped the field of cybersecurity, with its role evolving from a purely defensive mechanism to a tool used by both defenders and attackers, The Hacker News reported. As we have moved into the third decade of the millennium, the widespread adoption of remote work, the boom in IoT, and hyperconnected IT systems have blurred traditional security boundaries, leading to an exponentially expanded attack surface.

The increasing sophistication of threat actors, facilitated by the democratization of AI, has led to the rise of intellectual property theft, infrastructure sabotage, and large-scale monetized attacks. Furthermore, AI’s role in cybersecurity has grown, with machine-learning models being used for efficient anomaly detection, predictive analytics, and rapid response to evolving malware.

However, this technology isn’t used solely by defenders. Adversarial tools such as WormGPT are emerging to benefit attackers, enabling AI-generated phishing campaigns and AI-assisted target identification. These capabilities make deceptive messages increasingly difficult to identify and allow attacks to be customized more effectively.

Furthermore, AI-driven behavior analysis allows malware to learn user or network patterns, evading detection by better mimicking regular activity, while AI-assisted social engineering uses AI-generated deepfake audio or video to lend credibility to attacks.

As AI technology becomes a double-edged sword, organizations must stay informed and prepared for this evolving threat landscape.

Thanks for Reading

That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.