Feature
#ELLIE • 4 min read

This Month in Cyber Security: June 2023

This month, ChatGPT account credentials were discovered on dark web marketplaces, the US Government was hit by a cyber attack and later announced a $10 million ransomware bounty, thousands fell for a fake cryptocurrency reward scheme, cyber security researchers were impersonated in a GitHub campaign, plus much, much more.

Read on to find out the latest from the cyber security industry from June 2023.

Stolen ChatGPT account credentials sold on dark web marketplaces

Earlier this month, over 100,000 compromised OpenAI ChatGPT account credentials were discovered in illicit dark web marketplaces. According to Group-IB, the Asia-Pacific region experienced the highest concentration of ChatGPT credentials up for sale, with India alone accounting for 12,632 stolen credentials, closely followed by Pakistan, Brazil, Vietnam, Egypt, and the United States.

With increasing numbers of employees taking advantage of ChatGPT to optimise their work, we have seen a dramatic spike in news stories of confidential and sensitive data falling into the wrong hands, with ChatGPT storing user queries and responses by default.

Upon further investigation, most logs containing ChatGPT credentials were found to have come from the notorious Raccoon, Vidar, and Redline info stealers.

Also this month, new research carried out by LayerX found that 6% of employees paste sensitive data into tools such as ChatGPT. According to the report, 4% of employees were also found to paste sensitive data into ChatGPT weekly, posing a severe threat to businesses and consumers.

Businesses are being warned to assess the usage of generative AI and external tools, ensuring that risk analysis and continuous monitoring are carried out. Since its launch in November 2022, ChatGPT has become popular among cyber criminals, with the artificial intelligence chatbot proving to be a catalyst for cyber crime when misused.

US Government hit by global cyber attack

On the 15th of June, several US federal government agencies experienced intrusions following the discovery of a weakness in MOVEit, a widely used file transfer software.

It is thought that Clop, the ransomware gang allegedly responsible for the attack, has not demanded ransom payments from federal agencies. However, hundreds of organisations throughout the United States could be affected and targeted.

Eric Goldstein, Executive Assistant Director of the Cybersecurity and Infrastructure Security Agency, said: “We are working urgently to understand impacts and ensure timely remediation.” Meanwhile, the FBI and US National Security Agency declined to comment on the situation.

US Government offers $10 million ransomware bounty

Just one day later, on the 16th of June 2023, the United States Department of State's Rewards for Justice program announced a $10 million bounty for information linking the Clop ransomware attacks to a foreign government.

The news follows the hacker gang Clop publishing victim names on the darknet, including 25 organisations (consisting of universities and banks) and US federal bodies. Organisations from the United States, Canada, Germany, Belgium, and Switzerland were also affected. While most names haven’t been revealed, the multinational oil and gas company Shell revealed that it had fallen victim.

Clop typically ‘names and shames’ victims before demanding ransom payments with a strict deadline to avoid data being breached.

While Clop continues to demand ransom payments of up to millions of dollars, cyber agencies and police forces are advising victims to not pay.

Fake cryptocurrency sites used for scam reward schemes

This month, it was reported that a long-running cryptocurrency scam dating back to early 2021 has lured thousands of victims into a fake reward scheme.

Scammers sent direct messages on Twitter to lure targets into setting up an account on a decoy website to redeem a cryptocurrency reward they had supposedly won. However, victims were told to pay a small fee first.

The direct messages urged victims to create an account and apply a promo code, before withdrawing their reward of around 0.78632 bitcoin (approximately $20,300). However, victims were required to pay a deposit of 0.01 bitcoin (approximately $258) to complete the transaction.

Upon further investigation, the campaign was linked to a threat actor named ‘Impulse Team’, while the Twitter account responsible for sending the messages has since been removed.

According to bots in a public Telegram channel, victims deposited approximately $5,000,000.

As always, users are advised to be wary of online ads, avoid clicking on suspicious links, be cautious of phishing campaigns, and keep up with emerging tactics from scammers.

Cyber security researchers impersonated in GitHub campaign

In May, the cyber threat intelligence platform VulnCheck discovered a malicious GitHub repository claiming to be a Signal 0-day. Since then, several GitHub and Twitter profiles impersonating cyber security researchers have been set up to promote a malicious repository claiming to be an exploit for a well-known product.

The accounts impersonating researchers even featured legitimate headshots and were said to be part of a fictitious company named ‘High Sierra Cyber Security’. It’s not known whether or not the campaign has been successful.

In a public statement, VulnCheck says: “If you have engaged with any of the following accounts, consider the possibility that you’ve been compromised.”

Individuals are warned to always review the code they are executing and to never use anything they don’t understand. Meanwhile, security researchers must understand the risks of becoming targets

You’re one in two million!

Earlier this month, TryHackMe reached a huge two million users on the platform. To every single one of you, whether you’ve been here since the very beginning or you’re new to the platform, thank you so much.

To celebrate this momentous milestone, we ran several awesome giveaways on our social accounts, with prizes ranging from annual subscriptions, free t-shirts, and one-month access to our highly-demanded AWS Cloud Security training! While these giveaways have now come to a close, be sure to keep an eye out for future giveaways.

Our continued promise to you is that we will remain the platform you know and love, with heaps of brand new learning paths, rooms, and challenges just around the corner.

Here’s to two million - we wouldn’t be here without you! Take a look at our journey to two million.

Refer a friend: Give $5, Get $5

As another way to celebrate reaching two million users on TryHackMe, we launched a referral program that rewards you and the users you refer to us. This means that you can earn $5 credit for yourself and a friend! Spread the word and refer your friends today.

Author: Ben Spring
Jun 26, 2023
