
Based on the projections of global cybersecurity firm Sophos, this year will not see a letup in online crime and espionage.
Ransomware attacks will become more intense, especially against healthcare and educational institutions that frequently operate on limited cybersecurity budgets and with legacy systems in place.
This was the case in the hacking incident on state firm Philippine Health Insurance Co. on 22 September 2023 that compromised the data of an estimated 42 million PhilHealth members.
The agency’s antivirus software had expired between 15 April and 15 May 2023, making its system vulnerable, particularly after a delay in procuring a new subscription.
Stolen PhilHealth data appeared on the dark web after the government declined to meet the hackers’ ransom demand.
A preliminary investigation showed the leaked information included identification cards of PhilHealth employees, such as Government Service Insurance System (GSIS) IDs.
Department of Information and Communications Technology (DICT) Undersecretary Jeffrey Dy reported finding copies of employee payrolls, regional office memos, directives, working files and hospital bills on the dark web.
“In terms of PII (personal identifiable information), we saw some IDs, pictures which we cannot ascertain at the moment if they are PhilHealth employees or members,” he said.
The DICT previously reported that cybercriminals had demanded $300,000 (approximately P17 million) for the decryption keys and to prevent further dissemination of the stolen data.
DICT and PhilHealth said the main database, which contained sensitive information such as claims, contributions and accreditation details, was not part of the affected servers targeted by the Medusa ransomware attack.
The health and education sectors also handle significant amounts of sensitive personal data.
In the case of healthcare, ransomware attacks disrupt essential life-saving operations, and there you have a perfect storm of pressure that helps attackers secure quick ransom payments.
Sophos’ study indicated that every new internet technology has a honeymoon period that ends when reality sets in. That time is coming for the latest large language models (LLMs) as vulnerabilities and malware emerge.
Microsoft has been issuing patches for AI products over the past year, and we’re starting to see how attackers can use LLMs to deploy malware such as trojans.
Eventually a clearer picture will emerge of AI risks, and users and security professionals will need to figure out the best way to patch “vulnerabilities, safeguard against malware, and protect against the eventual attacks that inevitably follow vulnerabilities and malware,” according to Christopher Budd, director of Sophos X-Ops.
Sophos said that with the use of AI, certain cybercriminal activities have been democratized, which means that low-skilled, opportunistic attackers can now ask AI platforms for “educational” information on how to build anything terrible, from a believable phishing lure to a sample of code from popular ransomware.
While AI-generated attacks have a low success rate and often seem obvious, they contribute to a growing flood of “noise” in offensive operations, obscuring the real threats.
LLMs like ChatGPT signaled a significant breakthrough in the development of AI in the past few years.
The improvement and development of AI is a slow-moving process punctuated by significant changes, Sophos summarized.