In this week’s roundup we take a look at some of the potential implications of the massively popular ChatGPT AI and look at the latest cyber security incidents to have hit the headlines.
This week’s observation from our Incident Response Team
The introduction of ChatGPT's AI technology in November 2022, while revolutionary, is also susceptible to exploitation.
This may attract novice cybercriminals and increase cyber risks. The potential for abuse has been a hot topic among cybercriminal forums, where discussions on using ChatGPT to enhance various cyber threats such as phishing emails, faster malware deployment, and more effective Business Email Compromise (BEC) are taking place.
As a result, organisations and individuals should be aware of the potential risks associated with this technology and take appropriate measures to protect themselves. This can include educating employees on how to identify phishing attempts, implementing strong security measures such as firewalls and antivirus software, and regularly backing up important data. Additionally, staying informed about the latest developments in the world of cybercrime (such as by reading these weekly reports) can help organisations and individuals stay ahead of potential threats and mitigate their impact.
Something a bit different this week as we share the list of the top 10 most exploited vulnerabilities of 2022. There’s a high chance some of these will make it into the 2023 list too as organisations fail to patch them. We recommend that organisations patch for each of the below as soon as possible.
- Log4Shell (CVE-2021-44228)
- Follina (CVE-2022-30190)
- Spring4Shell (CVE-2022-22965)
- Google Chrome Zero-Day (CVE-2022-0609)
- F5 BIG-IP (CVE-2022-1388)
- Microsoft Office Bug (CVE-2017-11882)
- ProxyNotShell (CVE-2022-41082, CVE-2022-41040)
- Zimbra Collaboration Suite Bugs (CVE-2022-27925, CVE-2022-41352)
- Atlassian Confluence RCE Flaw (CVE-2022-26134)
- Zyxel RCE Vulnerability (CVE-2022-30525)
Here’s a roundup of the cyber security incidents that have made headlines this week.
10 million JD Sports customers impacted by cyber attack
JD Sports, a sportswear chain, announced a possible data breach that may have put information of 10 million customers at risk. The hackers may have accessed names, addresses, email accounts, phone numbers, order details, and the last four digits of bank cards for online orders from November 2018 to October 2020.
The company said it was reaching out to affected customers and stated the impacted data is "limited". It further noted that it does not hold full payment card information and does not believe that hackers gained access to account passwords.
Retailers are often targets of cyber-crime due to the collecting and storing of a vast array of personal and financial information including names, addresses, credit card numbers, and purchase histories, making them a valuable target for cyber criminals. In addition, retailers often handle a large volume of transactions, making them an attractive target for financial fraud.
Additionally, many retailers have outdated or insufficient cybersecurity measures, making them vulnerable to attacks. As a result, retailers must prioritise protecting their customers' data and investing in strong cyber security measures to stay ahead of potential cyber threats.
The amount of customer records potentially accessed as a result of the JD sports incident is shockingly high and pertains to a two year period of online orders.
While passwords and payment information was not disclosed, Personal Identifiable Information (PII) such as contact information was. This exposes users to targeted phishing attacks for the purposes of fraud. The scope of the attack was extended to subsidiary brands of the JD sports group. Anyone who has made an online order from the JD sports group over the time period in question should be extra vigilant of phishing emails and fraud.
Russian Cyber Gang Killnet attacks multiple Ukrainian Allies
A pro-Russia hacking group, Killnet, has claimed responsibility for a cyberattack that disabled the websites of over a dozen US hospitals this week.
The group, known for launching DDoS attacks, stated it took down the websites of 14 US hospitals, including Stanford Healthcare, Duke University Hospital, and Cedars-Sinai. Killnet also launched DDoS attacks against several medical facilities in the Netherlands with the University Medical Centre Groningen being the largest.
Killnet has been conducting DDoS attacks against government agencies and firms since the start of the war in Ukraine. Targets have included British, Spanish, and Norwegian hospitals.
Further highlighting the geopolitical risks The UK’s National Cyber Security Center (NCSC) last week warned of increased targeted attacks from Iran or Russia, mainly in the form of phishing attacks aiming to steal sensitive information.
Cyber attack on financial data group impacts trading
Ion Markets, a financial data group, has suffered a cyber-attack that impacted its cleared derivatives unit. The Dublin-based firm said the attack was contained to a specific environment, and services are being remediated. The Futures Industry Association is working with clearing houses, trading platforms, and regulators to evaluate the extent of the attack's impact on trading, processing, and clearing. This comes a week after a glitch at the New York Stock Exchange caused market chaos.
A client alert stated that all emails from ION or affiliates were being investigated by security staff. Fidessa, acquired by ION in 2018, notified that a cyber incident involving LockBit and VMware servers was the cause of the issue preventing access to certain systems. LockBit is ransomware that blocks access to computer systems and often demands a ransom payment. Fidessa stated that the spread was limited to cleared derivatives front, middle, and back offices services for clients and no other products or business lines were affected.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.