Surely, you’ve noticed them: meticulously crafted emails that appear to be urgent calls to action or legitimate requests from reputable people or popular organizations. You might even be tempted to click on them, much to the horror of your information technology department. However, before you do, a good policy is to ask before you open.
That’s because phishing emails can be a way for criminals to access privileged data—by luring us into replying with sensitive information, clicking on malicious links or downloading malware-laden attachments. Once attackers have your information, they can access your email, banking or other accounts.
These cyber-attacks happen daily to companies worldwide. In fact, an attack was reported recently out of Los Angeles on May 4, 2023, involving a glass company. Glasswerks LA Inc., a custom glass fabricator, announced on behalf of chief financial officer Michael Torres that the company was the victim of a cyber-attack.
According to Torres, the company discovered on April 26, 2023, that an unknown individual had gained unauthorized access to its computer network. As in nearly all cyber-attack cases, determining the identity or location of an attacker is incredibly difficult because there’s no physical evidence to collect.
The individual was able to access Glasswerks’ email program, allowing them to “segregate their email activity on our system with the intention of avoiding detection,” explains Torres.
The attacker then sent out emails that appeared to come from Glasswerks using a former employee’s email address.
“We believe this actually started on March 7, 2023, but since the detection of this unauthorized activity, we have taken every measure to stop it as of the date this was discovered,” says Torres. “We have evidence that this unauthorized person was trying to purchase laptop computers and computer hardware in large quantities wrongfully utilizing the Glasswerks name as the purchaser with a former employee as the alleged authorized purchasing agent.”
The Glasswerks case is a cautionary tale to all glass and glazing companies. Every company is now a target, big or small. And with the rise of artificial intelligence (AI), such as ChatGPT, the attacks will only become more sophisticated, experts suggest.
Turning to the Dark Side
“From a bad actor’s perspective, ChatGPT is the new crypto,” Guy Rosen, Meta’s chief information security officer, told reporters on May 3, 2023. This means that scammers have moved to exploit interest in the technology. Meta revealed in a security report that in March alone it had blocked the sharing of more than 1,000 malicious web addresses that claimed to be linked to ChatGPT.
ChatGPT and related chatbots enable unskilled hackers to begin dabbling in cybercrimes, reports CyberHoot, a security awareness training platform. The program can create convincing phishing attack emails and find vulnerabilities in computer systems. CyberHoot says ChatGPT can write malware and spear-phishing emails in any language.
To counter this threat, CyberHoot explains that companies must prevent vulnerability exploits, such as scanning internet-facing devices daily, providing employee awareness training, conducting phishing testing and ensuring your company has ironclad authentication processes.
Catching the Fed’s Attention
The threat of AI’s use in hacking has even caught the federal government’s attention. The White House recently stated it will support a mass hacking exercise at the Defcon security conference this summer to probe generative AI systems. Additionally, the National Science Foundation announced $140 million in funding to launch seven new National AI Research Institutes. The focus will be to develop ethical, transformative AI for the public good.
For glass and glazing companies, vigilance is key. That’s because, according to Brad Spiess, vice president of Union Insurance Group, the construction industry is the third most common industry targeted by hackers.
Spiess told attendees at the 2023 North American Iron Workers / Ironworker Management Progressive Action Cooperative Trust conference in February that cyberattacks will increase. And due to the increasingly advanced nature of AI programs, it will only become easier for hackers to exploit companies and individuals.