This is your easyDNS #AxisOfEasy Briefing for the week of December 16th, 2024 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

This week’s edition will be the last of 2024.  We will be back for Jan 10th.  Wishing every one a Merry Christmas and a Happy New year. 

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.

In this issue: 

• Ghosted by ChatGPT: The Chilling Tale of Digital Erasure
• Ransomware Group Cicada3301 Strikes French Peugeot Dealership
• Optum AI Chatbot’s Public Exposure Sparks Privacy Concerns
• The Mask APT Returns with Advanced Multi-Platform Malware
• Trudeau Minister Marco Mendicino Faces Censure Over Emergencies Act Lies

Elsewhere Online:

• Linux eBPF Exploited in New Wave of Malware Campaigns
• HubSpot Phishing Campaign Compromises 20,000 Manufacturing Employees
• TikTok Faces EU Scrutiny Over Alleged Foreign Interference in Romanian Elections
• Russia-Linked Hackers Exploit RDP Flaws to Target High-Value Victims
• Regional Care Suffers Data Breach, 225,000 Affected
  

Ghosted by ChatGPT: The Chilling Tale of Digital Erasure

OpenAI’s ChatGPT has reportedly been ghosting certain individuals, returning errors when their names are searched. Among those affected are Jonathan Turley, Shapiro Professor of Public Interest Law at George Washington University, and other notable figures like Harvard Professor Jonathan Zittrain and CNBC anchor David Faber.

Turley’s journey into digital obscurity began when ChatGPT falsely accused him of misconduct. The issue highlights the concerning power of AI systems to effectively “erase” individuals without accountability. As AI’s influence grows, the need for legislative action to address such risks becomes apparent.

Jonathan Turley emphasizes the importance of this issue: “There is no false story if there is no discussion of the individual.”

The controversy underscores the need for transparency and safeguards in AI technology, as well as the potential legislative solutions to ensure individuals are not unjustly erased from the digital world.

Read: https://jonathanturley.org/2024/12/16/ghosted-by-chatgpt-how-i-was-first-defamed-and-then-deleted-by-ai/

Ransomware Group Cicada3301 Strikes French Peugeot Dealership

Cicada3301 ransomware has claimed a breach of Concession Peugeot, a major French dealership, on December 15, 2024. The group alleges it stole 35GB of sensitive data, including invoices, passport copies, and internal communications.

Operating under a Ransomware-as-a-Service (RaaS) model, Cicada3301 shares tactics with BlackCat ransomware, using ChaCha20 encryption and cross-platform targeting. “This group exemplifies a calculated, high-value attack strategy,” cybersecurity firm Truesec noted.

The breach highlights the escalating threat of sophisticated ransomware operations.

Read: https://hackread.com/cicada3301-ransomware-french-peugeot-dealership/

Optum AI Chatbot’s Public Exposure Sparks Privacy Concerns

On December 13, 2024, cybersecurity researcher Mossab Hussein discovered Optum’s internal AI chatbot, “SOP Chatbot,” was publicly accessible online without password protection. The chatbot, used by employees to handle insurance claims, revealed internal procedures but did not contain sensitive health information.

Optum spokesperson Andrew Krejci stated the chatbot was a “demo tool” never fully deployed. “This technology was never scaled nor used in any real way,” Krejci confirmed.

Employees reportedly queried the bot on claims processes and denial reasons, with hundreds of interactions since September. Some even attempted to bypass its training to produce unrelated responses.

The breach raises concerns amid criticism of parent company UnitedHealth for alleged misuse of AI in denying patient claims. A federal lawsuit accuses UnitedHealthcare of relying on error-prone AI models to deny elderly patients coverage.
The incident underscores risks in deploying AI tools and the ongoing scrutiny of UnitedHealth’s practices, which reportedly generated $22 billion in profits in 2023.

Read: https://techcrunch.com/2024/12/13/unitedhealthcares-optum-left-an-ai-chatbot-used-by-employees-to-ask-questions-about-claims-exposed-to-the-internet/

The Mask APT Returns with Advanced Multi-Platform Malware

The Mask, an advanced cyber espionage group, resurfaced with new attacks targeting a Latin American organization in 2022. The group, known for sophisticated operations since 2007, primarily targets governments and research entities. Kaspersky’s researchers Georgy Kucherin and Marc Rivero documented the attack, which involved a complex malware arsenal affecting Windows, macOS, Android, and iOS systems.

The Mask gained initial access through spear-phishing emails, exploiting browser-based zero-day vulnerabilities. In 2022, they maintained persistence using a custom extension in the MDaemon webmail component, enabling further exploitation within the organization’s network. The backdoor, FakeHMP, allowed for reconnaissance, file theft, and keylogging.

The Mask has also employed tools like Careto2 and Goreto, which are used to capture keystrokes, exfiltrate data, and deploy additional payloads. The group’s persistence techniques, including the abuse of legitimate drivers like “hmpalert.sys,” highlight their adaptability. This continued activity underscores the group’s ability to develop sophisticated, multi-component malware for espionage.

Read: https://thehackernews.com/2024/12/the-mask-apt-resurfaces-with.html

Trudeau Minister Marco Mendicino Faces Censure Over Emergencies Act Lies

Canada’s former Public Safety Minister Marco Mendicino is at the center of a heated parliamentary debate over accusations of “deliberately lying” about the justification for invoking the Emergencies Act during the 2022 Freedom Convoy protests. Conservative MP Glen Motz, leading the push for accountability, said, “Parliament deserves clear and definitive answers. We must be entitled to the truth.”

The Emergencies Act, invoked on February 14, 2022, granted sweeping powers to law enforcement, including freezing financial assets and arresting demonstrators. Mendicino repeatedly claimed that law enforcement had recommended its use, but a report revealed this was false. It stated, “The Special Joint Committee was intentionally misled.”

Mendicino, removed from cabinet in 2023, has yet to publicly address the allegations. Opposition MPs, including New Democrat Matthew Green, questioned the government’s transparency, with Attorney General Arif Virani citing solicitor-client privilege to withhold key legal documents.

Critics argue the misuse of the Act, later ruled unconstitutional by a federal court, sets a dangerous precedent. The Trudeau government is appealing the decision, deepening public concerns over accountability and transparency.

Read: https://reclaimthenet.org/marco-mendicino-censure-emergencies-act-controversy-freedom-convoy

Elsewhere Online:

Linux eBPF Exploited in New Wave of Malware Campaigns
Read: https://hackread.com/hackers-exploit-linux-ebpf-malware-ongoing-campaign/

HubSpot Phishing Campaign Compromises 20,000 Manufacturing Employees
Read: https://www.darkreading.com/cloud-security/manufacturing-orgs-azure-creds-hubspot-phishing-attack

TikTok Faces EU Scrutiny Over Alleged Foreign Interference in Romanian Elections
Read: https://www.infosecurity-magazine.com/news/european-commission-tiktok-probe/

Russia-Linked Hackers Exploit RDP Flaws to Target High-Value Victims
Read: https://thehackernews.com/2024/12/apt29-hackers-target-high-value-victims.html

Regional Care Suffers Data Breach, 225,000 Affected
Read: https://www.securityweek.com/regional-care-data-breach-impacts-225000-people/