F5 QSN, ChatGPT Malware, and Cryptocurrency Hacks
As defenders, it's vital to stay up-to-date with new technologies, techniques, and information to protect the businesses, reputation, and livelihoods of our clients. The F5 SIRT team understands the problem of information overload and strives to curate and disseminate the most interesting and essential information regarding security news in a digestible format.
The recent Quarterly Security Notification (QSN) by F5 on May 3rd, 2023, disclosed a set of vulnerabilities. F5 publishes the disclosure dates in advance to give customers ample time to plan updates or upgrades before the public disclosure. We recommend customers review the overall and specific vulnerabilities disclosed in the QSN found here: K000133251: Overview of F5 vulnerabilities (May 2023). The F5 SIRT team also conducts a live stream for customers to get a high-level briefing on the issues in each QSN. If you missed the announcement, you can still watch the pre-recorded video on YouTube.
One of the biggest challenges faced by defenders is the speed at which threat actors update their tactics. They constantly adjust and use multiple platforms to evade detection and ensure that no single service has complete visibility into their operation. Large language models (LLMs) have become a popular tool for threat actors ever since ChatGPT was released to the public and their usage increased dramatically. The Q1 2023 Security report from Meta identified around ten malware families posing as ChatGPT and similar tools since March 2023 alone.
Threat actors are now creating malicious browser extensions that claim to offer ChatGPT-related tools but contain malware. Some of the malicious extensions even include working ChatGPT functionality alongside the malware to avoid suspicion. Additionally, the report notes that malware families posing as ChatGPT apps have switched their lures to other popular themes, such as Google's Bard or TikTok marketing support, in response to detection. Threat actors constantly adapt their strategies to evade detection and gain access to sensitive information. Therefore, it's important to be cautious about the potential abuse of new technology and tools and to remain aware of evolving threats. Defenders must share threat intelligence and collaborate to stay ahead of threat actors and protect users from malicious activities.
Level Finance, a DeFi project on the Binance Smart Chain, was recently hit by an attack on May 1st. The attacker exploited a bug in the LevelReferralControllerV2 contract, leading to $1.1 million in stolen referral rewards. The stolen 214,000 LVL tokens were swapped for 3,345 BNB, causing an initial 65% LVL price drop. The attack went unnoticed until a tweet by Definalist raised an alert, emphasizing the significance of on-chain monitoring systems to detect suspicious activities. Third-party audits such as the two conducted for Level Finance missed this vulnerability. Therefore, it's critical to supplement audits with decentralized security controls and on-chain monitoring systems to ensure comprehensive security. This is often referred to as defense in depth, which involves combining multiple layers of security controls to better protect against vulnerabilities and detect attacks at an early stage.
Implementing multiple layers of security controls is crucial for securing your organization's assets against cyber threats. By staying vigilant and collaborating with others in the industry, we can stay ahead of evolving threats and protect our clients from malicious activity.