Cyber AI Chronicle
By Simon Ganiere · 30th June 2024
Welcome back!
Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.
Table of Contents
What I learned this week
TL;DR
I keep running some small changes on last week's agentic workflow. Slowly getting there. As I'm still on holiday this week, I wasn't paying much attention to the news (or my phone, to be honest). However, based on some emails and other chat groups I'm part of, two situations got my attention: HubSpot and TeamViewer. So I decided to run that workflow for those two topics: HubSpot & TeamViewer. Let me know what you think: is this value add? What is missing?
Geopolitics is still one of the most significant drivers in the cyber space. Like it or not, that is the case. From the ban of Kaspersky anti-virus and the sanctioning of 12 top executives, to the revival of hacktivism, to Microsoft continuing to report impact from their compromise by Midnight Blizzard, this is the definition of a gift that keeps on giving.
The AI world is taking no rest either: Google launched Gemma 2, and OpenAI announced they are delaying the advanced voice mode announced earlier this year. On the topic of vulnerabilities in AI products, the Rabbit R1 was already facing a lot of trouble, including a significant vulnerability. Microsoft also shared a new jailbreaking technique and gave it the name "Skeleton Key", not to be confused with the Active Directory Skeleton Key attack.
For this week's deep dive, let's uncover the hidden dangers behind "pig butchering" scams, where a simple message can lead to a $75 billion criminal enterprise. Learn how these scams exploit trust and digital vulnerabilities, which is crucial for safeguarding against online fraud.
Pig Butchering: The $75 Billion Scam
The term "pig butchering" may evoke images of rural farms, but in today's digital age, it signifies something far more insidious. This scam has amassed over $75 billion through sophisticated online fraud, exploiting both financial aspirations and emotional vulnerabilities. It's a criminal enterprise that not only targets the vulnerable but also fuels human trafficking and exploits weaknesses in digital currency systems.
How It Works
These scams often begin innocuously, with a seemingly harmless message. For instance, you might receive a text from an unfamiliar number asking about something mundane like dog food. If you respond, the scammer, posing as a friendly acquaintance, will gradually build rapport with you. Over days or weeks, they may assume a false identity, often as an attractive person of the opposite sex, and eventually reveal supposed successes in cryptocurrency trading.
Once trust is established, they introduce a "special" trading program, sometimes guiding you through setting up an account on a legitimate cryptocurrency exchange such as Coinbase. Initially, they allow you to withdraw funds to build your confidence. However, as you invest more, they abruptly block your withdrawals and vanish with your money.
The Human Toll
What makes pig butchering scams particularly nefarious is that those sending these messages are often victims themselves. Deceived by promises of lucrative jobs, they find themselves trapped in compounds in countries like Cambodia and Myanmar. Their passports are confiscated, and they are coerced into perpetrating these scams under threat of violence.
Many hostages endure unimaginable conditions, facing physical and psychological abuse if they resist. Their suffering is often used as leverage, with captors exploiting their plight to extort money from families or coerce them into continuing the scams.
The Scale of the Issue
The scale of pig butchering scams is staggering. Interpol highlighted in a recent report that just in Southeast Asia, human trafficking-fuelled fraud is exploding as organised crime rings are raking in close to $3 trillion(!) in illicit revenue annually. For reference, France’s economy is worth $3.1 trillion according to the International Monetary Fund!
Funds flow through cryptocurrency exchanges, complicating efforts to trace and recover them. Major platforms like Binance and Huobi have been identified as significant recipients of these illicit funds.
Governments worldwide struggle to combat these scams. In some jurisdictions, corrupt officials shield scam operations in exchange for bribes. Even when authorities shut down one compound, another quickly emerges elsewhere.
Addressing the Challenge
Combatting pig butchering scams requires a multifaceted approach:
Enhanced Awareness and Education: Public awareness campaigns should emphasize skepticism towards unsolicited messages and investment opportunities promising unrealistic returns. Education on safe online practices is crucial in preventing individuals from falling victim to these scams.
Regulatory Measures: Governments must strengthen regulations around cryptocurrency exchanges and online financial transactions. Enhanced oversight and transparency can deter criminals from exploiting digital currencies for illicit activities.
International Cooperation: Effective collaboration among law enforcement agencies and financial institutions on a global scale is essential. Shared intelligence and coordinated efforts can disrupt and dismantle transnational scam networks.
Support for Victims: Comprehensive support systems are needed to assist victims of pig butchering scams, including legal aid, financial restitution, and psychological counseling. Addressing the human impact of these scams is vital in fostering resilience and recovery.
Conclusion
Pig butchering scams expose the dark underbelly of digital advancement, exploiting both financial aspirations and emotional vulnerabilities while enslaving others to perpetrate their schemes. As these scams evolve, vigilance and proactive measures are paramount. By enhancing awareness, strengthening regulations, fostering international cooperation, and supporting victims, we can collectively combat this growing menace.
Moreover, the rise of AI technologies poses additional challenges. Deepfake technology, for example, could potentially be used to manipulate videos or messages, further complicating efforts to verify identities and intentions online. Safeguarding our financial futures and preserving our humanity requires a holistic approach that addresses technological vulnerabilities alongside legal and regulatory frameworks.
Only through concerted global efforts can we hope to eradicate pig butchering scams, thereby protecting individuals worldwide from financial exploitation and ensuring the integrity of digital interactions.
Worth a full read
ONNX Store: Phishing-as-a-Service Platform Targeting Financial Institutions
Key Takeaway
ONNX Store uses QR codes in PDFs to redirect victims to phishing URLs.
The platform operates through a user-friendly interface accessible via Telegram bots.
ONNX Store has a 2FA bypass mechanism that intercepts 2FA requests from victims.
Phishing pages mimic Microsoft 365 login interfaces to steal authentication details.
ONNX Store is likely a rebranded version of the Caffeine phishing kit.
The rebranding focuses on improved operational security for malicious actors.
ONNX Store enables threat actors to control operations through Telegram bots.
ONNX Store offers various phishing tools, including customizable phishing pages and webmail servers.
QR codes are used to evade endpoint detection, targeting mobile devices.
Phishing campaigns target financial institutions across EMEA and AMER regions.
Bulletproof hosting services offer cybercriminals a haven for malicious activities.
Stolen email credentials are often sold on underground forums.
Ransomware groups use stolen credentials as an initial compromise vector.
Using Generative AI defensively is crucial to counteract the sophisticated threats posed by malicious AI applications.
Key Takeaway
Generative AI's dual role as both a threat and a defense tool in cybersecurity.
Low-skilled attackers can now create sophisticated exploits using LLMs.
Nation-state actors are targeting AI development environments for strategic advantages.
Dynamic, automated AI-powered malware represents a new frontier in cyber threats.
Predictive AI models have evolved into generative methods for proactive threat detection.
Zero Trust architecture effectively mitigates multiple stages of cyber attacks.
Data security posture management continuously refines security policies to protect data.
Prompt visibility mechanisms help control and monitor user interactions with Gen AI models.
Integrating AI into cybersecurity platforms is essential for combating advanced threats.
Unified Experience console enhances organizational security posture visibility.
Key Takeaway
SOCMINT is a subdiscipline of OSINT focused on collecting and analyzing social media information.
SOCMINT can be used by governments, private intelligence agencies, and marketing companies.
SOCMINT includes techniques, technologies, and tools for social media data collection and analysis.
SOCMINT differs from OSINT due to the expectation of privacy on social media platforms.
OSINT uses publicly available information, while SOCMINT may access restricted social media data.
SOCMINT includes all social media platforms, not just social networking sites.
Information types in SOCMINT: profile information, interactions, and metadata.
SOCMINT is used in investigations of terrorism, organized crime, human trafficking, and more.
Research Report
Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research
Summary: This paper provides a comprehensive review of Explainable Artificial Intelligence (XAI) methods applied to cyber security, highlighting the need for transparency and interpretability in AI-based security systems. It discusses the limitations of current AI techniques, the importance of XAI in building trust, and reviews various XAI applications in defending against cyber attacks such as malware, spam, botnets, fraud, phishing, network intrusion, and DoS attacks. The paper also explores XAI's role in different industrial applications like healthcare, smart cities, smart farming, financial systems, HCI, and smart transportation. Additionally, it addresses the challenges faced by XAI models, including adversarial attacks and the need for high-quality datasets, evaluation metrics, and privacy considerations. The study concludes with key insights and future research directions for enhancing XAI in cyber security.
Published: 2022-08-31T16:06:31Z
Authors: Zhibo Zhang, Hussam Al Hamadi, Ernesto Damiani, Chan Yeob Yeun, Fatma Taher
Organizations: Khalifa University, Khalifa University, Khalifa University, Khalifa University, Zayed University
Findings:
XAI enhances trust in AI-based cyber security systems.
XAI methods improve transparency and interpretability.
XAI applied to various cyber attacks: malware, spam, botnets.
XAI used in industrial applications: healthcare, smart cities.
Challenges include adversarial attacks on XAI models.
Final Score: Grade: A, Explanation: Comprehensive, rigorous review with significant insights into XAI applications in cyber security.
Some more reading
Notorious cyber gang UNC3944 attacks vSphere and Azure to run VMs inside victims' infrastructure » READ
OpenAI buys Rockset to make AI “more helpful” in the enterprise » READ
China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence » READ
Global revival of hacktivism requires increased vigilance from defenders » READ
A reality check on Superhuman AI » READ
[French] The top 10 generative AI models repeat Russian disinformation narratives a third of the time, citing fake local news sites created in Moscow as authoritative sources » READ
The fugitive Florida deputy Sheriff who became a Kremlin disinformation impresario » READ
Contact
Let me know if you have any feedback or any topics you want me to cover. You can ping me on LinkedIn or on Twitter/X. I’ll do my best to reply promptly!
Thanks! See you next week! Simon