5 Wackiest Cybersecurity Stories of 2023 | NewPush Blog

The world of information security covers a range of topics, and in such a rapidly evolving field, we sometimes come across unique, unusual and even downright whacky stories. These include bizarre attack methods and cybercriminals getting their comeuppance.

1. Hacking into Pets Eating Habits

Researchers from Kaspersky discovered two security flaws in popular smart pet feeders that could lead to data theft and privacy invasion.

2. BlackCat Gang Taking Incident Reporting Rules Seriously

Ensuring more transparency around cyber-incidents is a key aim of new US Securities and Exchange Commission (SEC) rules, However, it is unlikely that the SEC envisioned it would be receiving reports of incidents from the attackers themselves. This is what happened in November 2023, when the BlackCat/ALPHV group revealed it had posted details of its compromise of MeridianLink to the SEC’s “Tips, Complaints, and Referrals” site.

3. Cybercriminals Reluctant to Use ChatGPT

Research published by Sophos in November 2023 suggested that many threat actors are reluctant to use these tools, even expressing concerns about the wider societal risks they pose. Analyzing several prominent cybercrime forums, the researchers observed that many of the attempts to create malware or attack tools using LLMs were “rudimentary” and often met with skepticism by other users.

4. Google Launches Legal Action Against Scammers

Google is taking legal action against two groups of scammers. The first lawsuit is targeting malicious actors who misled people into unknowingly downloading malware by spoofing Google’s AI tools. Google is seeking an order to stop the scammers from setting up domains like these and allow them to have them disabled with US domain registrars.

The second lawsuit targets the abuse of copyright law by bad actors, with Google highlighting the practice of setting up dozens of Google accounts and using them to submit thousands of bogus copyright claims against their competitors. These claims result in the temporary removal of businesses’ websites, costing victims millions of dollars. Google hope their action will put an end to this activity and deter others.

5. Researchers Find “Silly” Way to Extract ChatGPT Training Data

A team of researchers from Google and several US universities discovered an attack method targeting ChatGPT in November 2023 that they described as “kind of silly.” This unusual technique can extract around a gigabyte of ChatGPT’s training dataset from the model. The researchers prompted the model with the command to repeat a certain word, e.g. ‘poem’ forever, and sat back and watched as the model responded. ChatGPT would repeat the word for a while and start including parts of the exact data it had been trained on including email addresses and phone numbers. In the strongest configuration, over 5% of the output ChatGPT emitted was a direct verbatim 50-token-in-a-row copy from its training dataset.

Infosecurity Magazine 12/26/2023