ChatGPT Exploitation Rises, Yet Email Malware Still Dominates: Palo Alto Networks Report

Oh, the irony. Here we are, in the golden age of artificial intelligence, with ChatGPT making headlines and capturing the imagination of tech enthusiasts everywhere, and yet, the good old-fashioned PDF sent via email remains a cybercriminal’s best friend. It’s almost quaint, really.

According to a recent report by Palo Alto Networks, despite the impressive 910 per cent increase in monthly registrations for domains related to ChatGPT (both the good guys and the bad guys), phishing PDFs still account for a whopping 66 per cent of malware delivered through email. It’s like we’re all on a high-tech superhighway, and the bad guys are still using a horse and buggy to commit their crimes.

Huzefa Motiwala, Director of Systems Engineering, India and SAARC, at Palo Alto Networks, reminds us that email, combined with social engineering tactics, remains a popular infection vector. So, while we’re all busy marveling at the wonders of AI, let’s not forget the basics: Be cautious with suspicious emails or links related to ChatGPT and stick to the official OpenAI website. Simple, right?

But wait, there’s more! The Unit 42 Network Threat Trends Research Report Volume 2 reveals that exploitation of vulnerabilities has increased by 55 per cent compared to 2021. And guess where cybercriminals are focusing their efforts? Linux malware aimed at cloud workload devices, because, of course, an estimated 90 per cent of public cloud instances run on Linux. Within this, the most common threats against Linux systems are botnets (47 per cent), coinminers (21 per cent), and backdoors (11 per cent).

Industries deploying operational technologies (OT), like manufacturing and energy, have experienced a staggering 238 per cent increase in malware attacks. To combat this, it’s essential to deploy simple, scalable solutions that provide granular visibility and meet the critical uptime requirements of OT devices.

So, what’s the solution? Motiwala suggests adopting a Zero Trust framework to eliminate implicit trust and integrate an “always verify” approach throughout the enterprise. By continuously validating all digital transactions, security efficacy can be maximised. It’s also time for organisations to re-evaluate legacy virtual private server (VPS) solutions to reduce the attack surface of today’s cloud-first business operations.

Sean Duca, VP and Regional Chief Security Officer at Palo Alto Networks, sums it up: “Cybercriminals, no doubt, are looking at how they can leverage [AI] for their nefarious activities, but for now, simple social engineering will do just fine at tricking potential victims.”

So there you have it. As our world becomes ever more technologically advanced, it’s important to remember that the bad guys aren’t always using the latest and greatest gadgets to wreak havoc. Sometimes, all it takes is an old-school PDF and some social engineering to cause problems. And as threat actors continually evolve their techniques, we must stay vigilant against both the cutting-edge and the tried-and-true methods of cybercrime.


Source: www.businesstoday.in