Threat Landscape Briefing – July 2023

In this month’s briefing we explore:

• Sextortion and artificial intelligence. (Timestamp – 01:03)
  • Report any type of extortion activity to local law enforcement; there are provisions to help victims with these new methods of sextortion.
  • See Info-Tech’s Develop a Security Awareness and Training Program That Empowers End Users blueprint.
• New PowerShell malware targeting US aerospace industry. (Timestamp – 04:56)
  • The increased use of scripting languages that aid cybercriminals with their attacks should keep organizations vigilant and aware of their use of the configuration management program within Windows environments.
  • See Info-Tech’s Debunk Machine Learning Endpoint Security Solution.
• ChatGPT hallucinations that can be exploited to distribute malware. (Timestamp – 07:02)
  • It’s important to assess the risks associated with using generative AI alongside the benefits. If you’re not careful, what begins as a quick win might turn into a long-lasting headache stemming from supply chain compromise or data quality or integrity issues.
  • See Info-Tech’s Webinar: Impossible to Ignore: Develop Guiding Principles for Responsible Adoption of Generative AI.
• MOVEit vulnerabilities defined as zero-days. (Timestamp – 08:41)
  • SQL injection attacks are a known attack vector that are widely documented, are listed as an OWASP Top 10, and ought to be readily mitigated through well-established static and dynamic scanning tools.
  • See Info-Tech’s Build a Vendor Security Assessment Service blueprint.
• Who’s afraid of polymorphic malware? (Timestamp – 12:00)
  • AI-driven polymorphic malware makes for catchy headlines, but they are in fact quite common.
  • See Info-Tech’s Build Resilience Against Ransomware Attacks blueprint.