News

Artificial intelligence: It’s society’s newest darling and newest villain. AI is the newest best friend to creatives, time-strapped people, and unfortunately, the newest sidekick of online scammers. AI platforms like ChatGPT, Craiyon, Voice.ai, and others are available to everyday people, meaning that the technology is creeping further into our daily lives. But is this mainstream AI for the better? Or for worse? 

Pros of AI in Daily Life 

Confidence builder 

According to McAfee’s Modern Love Research Report, 27% of people who admitted that they planned to use AI on Valentine’s Day said it was to boost their confidence. For some people, pouring their heart onto the page is difficult and makes them feel vulnerable. If there’s a tool out there that lessens people’s fear of opening up, they should take advantage of it.  

Just remember that honesty is the best policy. Tell your partner you employed the help of AI to express your feelings. 

Creativity booster 

Sometimes you just don’t know how to start your next masterpiece, whether it’s a painting, short story, or business proposal. AI art and text generators are great brainstorming tools to get the creative juices flowing. The program may think of an approach you would never have considered.  

Time saver 

Generative AI – the type of artificial intelligence technology behind many mainstream content generation platforms – isn’t new. In fact, scientists and engineers have been using it for decades to accelerate new materials and medical discoveries. For example, generative AI is central to inventing carbon capture materials that will be key to slowing the effects of global warming.1 

Online tools fueled by generative AI can save you time too. For instance, AI can likely handle run-of-the-mill emails that you hardly have time to write between all your meetings.   

Cons of AI in Daily Life 

Dwindling authenticity 

What happens to genuine human connections as AI expands? The Modern Love Report discovered 49% of people would feel hurt if their partner used AI to write a love note. What they thought was written with true feeling was composed by a heartless computer program. ChatGPT composes its responses based on what’s published elsewhere on the internet. So, not only are its responses devoid of real human emotion, but the “emotion” it does portray is plagiarized.  

Additionally, some artists perceive AI-generated components within digital artworks as cheapening the talent of human artists. The same with AI-written content is consistent with AI art: None of the art it generates is original. It takes inspiration and snippets from already-published images and mashes them together. The results can be visually striking (or nightmarish), but some argue that it belittles the human spirit. 

AI hallucinations are also a problem in the authenticity and accuracy of AI-generated content. An AI hallucination occurs when the generative AI program doesn’t know the answer to a prompt. Instead of diligently researching the correct answer, the AI makes up the answer. This can lead to the proliferation of fake news or inaccurate reporting. 

Faster and more believable online scams 

AI-generated content is expanding the repertoire and speed of online scammers. For example, phishing emails used to be easy to pick out of a crowd, because of their trademark typos, poor grammar and spelling, and laughably far-fetched stories. Now with ChatGPT, phishing emails are much more polished, since, at the sentence level, it writes smoothly and correctly. This makes it more difficult for even the most diligent readers to identify and avoid phishing attempts. Also, instead of spending time imagining and writing their fake backstories, phishers can offload that task to ChatGPT, which makes quick work of it.  

Cybercriminals are working out the possibilities of leveraging ChatGPT to write new types of malware quickly. In four hours, one researcher gave ChatGPT minimal instructions and it wrote an undetectable malware program.2 This means that someone with little to no coding experience could theoretically create a powerful new strain of malicious software. The speed at which the researcher created the malware is also noteworthy. A cybercriminal could trial-and-error dozens of malware programs. The moment authorities detect and shut down one strain, the criminal could release the next soon after. 

Malicious impersonation 

Deep fake technology and voice AI are expanding the nefarious repertoire of scammers. In one incident, a scammer cloned the voice of a teenager, which was so realistic it convinced the teenager’s own mother that her child was in danger. In actuality, the teen was completely safe.3 Voice AI applications like this one could add false legitimacy to the grandparent scam that has been around for a few years and other voice-based scams. According to McAfee’s Beware the Artificial Imposter report, 77% of people who were targeted by a voice cloning scam lost money as a result.  

The Verdict on AI 

So, what do you think? Is your day-to-day life easier or more complicated thanks to AI? Should people aim to add it to their routines or stop relying on it so much?  

The debate of AI’s place in the mainstream could go on and on. What’s undebatable is the need for protection against online threats that are becoming more powerful when augmented by AI. Here are a few general tips to avoid AI scams: 

• Read all texts, emails, and social media direct messages carefully. Now that phishers have cleaned up their spelling and grammar with ChatGPT, you’ll have to rely on the other telltale signs of phishing attempts. Is the message requiring immediate action, asking for your password or personal details, or inspiring intense feelings of anger, fear, or sadness? Take a step back and evaluate if the message makes sense. You can always delete it. If it’s truly urgent, the sender will follow up. 
• Keep a cool head. When someone you love is in trouble, it’s easy to immediately panic. Try your best to remain calm and try to locate the real person in case it’s an instance of deep fake or an AI-generated voice. Also, if you believe someone to be in danger, alert the authorities immediately. 
• Follow up with your own research. If you read an article or see a video that’s too sensational to believe, research the subject on your own to confirm or deny its accuracy. Research is crucial to avoiding the spread of fake and incendiary news. 

To cover all your bases, consider investing in McAfee+. McAfee+ is the all-in-one device, online privacy, and identity protection service. Live more confidently online with $1 million in identity remediation support, antivirus for unlimited devices, web protection, and more! 

1IBM, “Climate change: IBM boosts materials discovery to improve carbon capture, separation and storage” 

2Dark Reading, “Researcher Tricks ChatGPT Into Building Undetectable Steganography Malware” 

3Business Insider, “A mother reportedly got a scam call saying her daughter had been kidnapped and she’d have to pay a ransom. The ‘kidnapper’ cloned the daughter’s voice using AI.” 

The post Pros and Cons of AI in Daily Life appeared first on McAfee Blog.

The malware focuses on surveillance operations, according to a new advisory by Check Point Research

Several systems, including logistics systems, have been temporarily taken offline

The capabilities will expedite content generation and enhance decision-making processes

Policing organization issues Orange Notice to members

Notorious North Korean group pegged for recent campaign

Ukraine war may have been catalyst for targeting non-NATO countries

Backdoors, exploits, and Little Bobby Tables. Listen now! (Full transcript available…)

Paragon Solutions is yet another Israeli spyware company. Their product is called “Graphite,” and is a lot like NSO Group’s Pegasus. And Paragon is working with what seems to be US approval:

American approval, even if indirect, has been at the heart of Paragon’s strategy. The company sought a list of allied nations that the US wouldn’t object to seeing deploy Graphite. People with knowledge of the matter suggested 35 countries are on that list, though the exact nations involved could not be determined. Most were in the EU and some in Asia, the people said.

Remember when NSO Group was banned in the US a year and a half ago? The Drug Enforcement Agency uses Graphite.

We’re never going to reduce the power of these cyberweapons arms merchants by going after them one by one. We need to deal with the whole industry. And we’re not going to do it as long as the democracies of the world use their products as well.

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

Campbell, Calif. based Barracuda said it hired incident response firm Mandiant on May 18 after receiving reports about unusual traffic originating from its Email Security Gateway (ESG) devices, which are designed to sit at the edge of an organization’s network and scan all incoming and outgoing email for malware.

On May 19, Barracuda identified that the malicious traffic was taking advantage of a previously unknown vulnerability in its ESG appliances, and on May 20 the company pushed a patch for the flaw to all affected appliances (CVE-2023-2868).

In its security advisory, Barracuda said the vulnerability existed in the Barracuda software component responsible for screening attachments for malware. More alarmingly, the company said it appears attackers first started exploiting the flaw in October 2022.

But on June 6, Barracuda suddenly began urging its ESG customers to wholesale rip out and replace — not patch — affected appliances.

“Impacted ESG appliances must be immediately replaced regardless of patch version level,” the company’s advisory warned. “Barracuda’s recommendation at this time is full replacement of the impacted ESG.”

Rapid7‘s Caitlin Condon called this remarkable turn of events “fairly stunning,” and said there appear to be roughly 11,000 vulnerable ESG devices still connected to the Internet worldwide.

“The pivot from patch to total replacement of affected devices is fairly stunning and implies the malware the threat actors deployed somehow achieves persistence at a low enough level that even wiping the device wouldn’t eradicate attacker access,” Condon wrote.

Barracuda said the malware was identified on a subset of appliances that allowed the attackers persistent backdoor access to the devices, and that evidence of data exfiltration was identified on some systems.

Rapid7 said it has seen no evidence that attackers are using the flaw to move laterally within victim networks. But that may be small consolation for Barracuda customers now coming to terms with the notion that foreign cyberspies probably have been hoovering up all their email for months.

Nicholas Weaver, a researcher at University of California, Berkeley’s International Computer Science Institute (ICSI), said it is likely that the malware was able to corrupt the underlying firmware that powers the ESG devices in some irreparable way.

“One of the goals of malware is to be hard to remove, and this suggests the malware compromised the firmware itself to make it really hard to remove and really stealthy,” Weaver said. “That’s not a ransomware actor, that’s a state actor. Why? Because a ransomware actor doesn’t care about that level of access. They don’t need it. If they’re going for data extortion, it’s more like a smash-and-grab. If they’re going for data ransoming, they’re encrypting the data itself — not the machines.”

In addition to replacing devices, Barracuda says ESG customers should also rotate any credentials connected to the appliance(s), and check for signs of compromise dating back to at least October 2022 using the network and endpoint indicators the company has released publicly.