Is ChatGPT a New Tool for Attackers? Top Cybersecurity News of January 2023
Third week into January 2023, and the cybersecurity world is buzzing with new threats and more sophisticated data breaches. This week we’ve seen a barrage of new attacks targeted towards the finance and hospitality industry. On top of that, we are seeing new research into how the revolutionary ChatGPT AI can potentially create a new domain for phishing attacks and scams.
Here are some of the most notable cybersecurity news from the third week of January:
PayPal announces a major data breach
Data breach alerts are being sent to thousands of PayPal customers whose accounts were compromised due to credential stuffing attempts.
Such attacks gain access to a user account by repeatedly attempting different combinations of usernames and passwords obtained from other various data leaks. It is likely that the attackers used an automated approach and deployed bots to try several different password combinations on PayPal accounts, which led to the breach of nearly 35,000 user data.
According to PayPal, the breaches occurred during the first week of December 2022, and till now, the company was investigating the attack before disclosing the impact. According to its statement, affected data included the users full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.
Mailchimp suffers its second breach in six months
Mailchimp, a leading email marketing company, announced that 133 client accounts had been accessed by threat actors after a data breach occurred through the company’s internal systems.
This is Mailchimp’s second major data breach in 6 months. On January 11th, the company’s security team noticed unauthorised access to one of its client-facing management and customer service software.
“The unauthorised actor conducted a social engineering attack on Mailchimp employees and contractors and obtained access to select Mailchimp accounts using employee credentials compromised in that attack,” reads the official statement on the company’s site.
Nearly 300 UK restaurants affected by a ransomware attack
Yum Brands, a leading fast food corporation, announced on Wednesday 18th that a ransomware attack impacted its certain IT system. The attack led to the closure of nearly 300 restaurants in the UK for a day.
The company also stated that all the stores are now operational and it had initiated response protocols detection of the incident. The company has also started an internal investigation to reveal more details of the attack, and Federal law enforcement was also notified.
Yum Brands is known for operating Pizza Hut, KFC, and Taco Bell outlets in the UK, but the company didn’t reveal which of its restaurants were affected.
WithSecure research reveals frightening capabilities of ChatGPT
In the past few months, ChatGPT has taken the world by storm. OpenAI’s latest chatbot has displayed astonishing capabilities of generating versatile natural language text from small input. The tool has high-quality human-like language models which allow it to create content and dialogue with emotional sentiment in real time.
Leading security solution providers WithSecure has recently launched research showing how threat actors can potentially use ChatGPT to craft large-scale phishing campaigns, scams, and frauds and even create social validation for scams. The study shows that simply presenting a scenario to the AI and giving it specific prompts can allow the tool to create engaging dialogue, which could easily trick even the most aware users.
Security professionals are deeply concerned that the advanced capabilities and easy accessibility of GPT will create a new generation of threat actors known as ‘malicious prompt engineers’.
For more insights and analysis, follow Code Red on Twitter and LinkedIn.