3 May. (Portaltic/EP) –
Meta has shared some of the measures it adopted during the first quarter of 2023 to combat threats detected in its applications aimed at individuals and companies, such as malware campaigns in which cybercriminals simulate ChatGPT applications, or the nine adversarial networks it detected taking part in cyber espionage operations.
The technology company led by Mark Zuckerberg has published the results of its Security Report for the first quarter of this year, in which it underlined the importance of protecting the safety of the people and companies that use its ‘apps’.
To that end, the Director of Information Security at Meta, Guy Rosen, has indicated that the company’s approach has been to assemble teams working on “integrity, security, support and operations” to drive security “as effectively as possible,” tracking and taking action against threat actors “all over the world.”
As Meta has detailed in a statement on its website, one of the types of attack that stood out most during this period was malware campaigns in which cybercriminals use trending topics to attract users’ attention, in this case generative Artificial Intelligence (AI) technology and ChatGPT.
Specifically, the company has indicated that, since March, its analysts have found around ten different ‘malware’ families whose attacks relied on spoofed ChatGPT apps and similar tools. Campaigns around cryptographic scams were also identified.
In these campaigns, malicious actors created malicious browser extensions, available in official web stores, that offered the fake AI-related tools. In some cases, the extension even included real ChatGPT functions in addition to the ‘malware’, to hide it and avoid raising suspicion.
However, the Meta research team managed to block over a thousand malicious extensions from these ‘malware’ campaigns so that users could not share them in its applications. The company also reported these malicious campaigns to other file-sharing services in the industry so that they “also take appropriate action.”
Meta has also identified malicious campaigns that rely on spreading the threat “across as many platforms as possible” to shield themselves against the protection measures of the different services.
As an example, Meta says its researchers have detected cases in which malware families take advantage of Internet services: apps like Meta and LinkedIn, browsers like Chrome, Edge and Firefox, link shorteners, cloud file hosting like Dropbox and a range of other services to spread the ‘malware’. When they are detected, they mix in more services to “disguise” the final destination of the links.
Likewise, another of their tactics is to change their lures to other hot topics once the malicious campaign has been detected. In other words, if a cybercriminal has launched a campaign simulating a ChatGPT application and this campaign is detected, they switch the lure to another tool, such as Google’s Bard, to continue going unnoticed.
Meta says that it shares its discoveries with other companies in the industry to help champion the sector. “The insights we gain from this research help drive continued product development to protect people and businesses,” says the technology company.
In fact, another of the projects that Meta is launching is support for companies affected by ‘malware’, so they can get help on how to stop it.
CYBERESPIONAGE NETWORKS
Within the Security Report for the first quarter of this year, Meta has also shared the detection of nine adversary networks dedicated to launching attacks against the security of users and companies with cyber espionage and covert influence operations.
As the company has detailed, six of these networks engaged in coordinated inauthentic behavior (CIB). In other words, these are sets of real personal accounts, which may or may not be automated, used to spread various remotely coordinated actions.
These networks originate from the United States, Venezuela, Iran, China, Georgia, Burkina Faso and Togo and, as Meta has recorded, they were mainly aimed at people outside their own countries. Through these accounts, malicious actors posed as fake entities such as media outlets or NGOs in applications such as Facebook, Telegram, YouTube or TikTok, among others.
Meta says that its team of researchers removed “most of these networks” before they could build “authentic audiences” deceived by CIB accounts. Furthermore, half of these CIB network operations were linked to private entities, such as a US marketing company and a political marketing consultancy in the Central African Republic, according to Meta.
The three other adversarial networks were engaged in cyber espionage operations in South Asia. These espionage operations included an advanced persistent threat (APT) group attributed to malicious actors linked to the Pakistani state, a threat actor from India that calls itself Patchwork APT, and a threat group from South Asia known as Bahamut APT.
These cybercriminal groups used social engineering to trick users into clicking on malicious links to download ‘malware’ or into sharing personal data.