Transcript
Jim Love (0:01)
A ChatGPT vulnerability targets corporations and governments. Researchers crack the Akira ransomware using high-end GPUs, and free online converters are found to install malware. This is Cybersecurity Today. I'm your host, Jim Love.

A server-side request forgery, or SSRF, vulnerability in OpenAI's ChatGPT infrastructure, tracked as CVE-2024-27564, is being actively exploited by attackers to redirect users to malicious URLs, placing organizations at significant risk. Researchers from cybersecurity firm Verity have identified this medium-severity flaw, which allows cybercriminals to inject crafted URLs into ChatGPT's system, compelling the application to make arbitrary requests. This exploitation can lead to unauthorized access and data breaches. Notably, over 10,000 exploit attempts were recorded within a single week from a lone malicious IP address, underscoring the vulnerability's appeal to threat actors. The attacks have predominantly targeted financial institutions and US Government organizations, highlighting the critical need for robust cybersecurity measures in these sectors. Alarmingly, Verity's analysis revealed that 35% of examined organizations were susceptible due to misconfigurations in intrusion prevention systems, web application firewalls and firewall settings. SSRF vulnerabilities enable attackers to manipulate server-side applications into making unauthorized requests to internal or external systems, potentially leading to data exposure or further system compromises. In this instance, the flaw permits adversaries to direct ChatGPT to access unintended URLs, facilitating a range of malicious activities.

The Akira ransomware group emerged in 2023 with a mix of dark humor and ruthless tactics, famously requesting ransom payments in €125,000 worth of French baguettes. But they soon became a more serious threat.
They've been known to ask for absurdly large amounts of ransoms, and despite their sense of humor, they are ruthless and have attacked not just corporations but also hospitals, universities and other infrastructure, often using stolen credentials to break into systems. But now some researchers have found a way to fight back by exploiting weaknesses in Akira's encryption. Cybersecurity experts from a firm called Tinyhack have discovered a method to crack its locked files using high-powered GPUs. With an Nvidia RTX 4090, Tinyhack found they could crack the encrypted ransomware files in seven days, and with 16 GPUs, the process would take just over 10 hours. See, Akira uses ChaCha8 and encryption algorithms to lock victims' files. Instead of relying on a single key, the ransomware generates a unique key for each file based on a four-part timestamp measured down to the nanosecond. This system is meant to make brute-force attacks impossible. But Tinyhack's researchers found a flaw. By narrowing the possible range of timestamps, they reduced the number of guesses needed to find the correct encryption key. Using an RTX 4090, the brute-force attack could then crack an Akira encrypted file in about seven days, and a cluster of 16 GPUs drops the encryption time to just 10 hours. Now the researchers' ability to decrypt files without paying could deal a major blow to Akira's operations. However, the decryption method isn't foolproof. It requires the exact original encrypted files to be intact, and the organizations still need powerful computing resources to execute the recovery. Where the files are on a network file system, some latency can also make determining the timestamp more difficult. And Akira's encryption has been cracked before. Avast's threat research team found the method Akira used to encrypt victim files and published a free encryption breaker tool. Akira has then gone on to fix their weaknesses. No doubt they'll change their tactics to respond to this as well.
But every hour they spend developing new attacks is an hour that somebody isn't attacked. And for victims who refuse to pay, this breakthrough offers a rare opportunity, a way to fight back against one of the most notorious ransomware gangs of the past two years.

And finally, cybersecurity company Malwarebytes is urging Internet users to exercise caution when seeking free online conversion tools, warning that some of these services are embedding malware into their downloads. You know what it's like. You're working with a new application. You've got a file in a specific format. The application won't take that file format. So what do you do? You go into Google and you type "free converter" with the file suffix. Except cybersecurity company Malwarebytes is urging you to exercise caution when seeking those free online conversion tools, warning that some of these services are now embedding malware into their downloads. The cybersecurity firm's latest research, published in March 2025, reveals how attackers disguise malicious software as legitimate file converters to infect unsuspecting victims' devices. According to Malwarebytes in their blog post titled "Warning Over Free Online Converters That Actually Install Malware," these sites lure users with promises of quick and easy file format conversions. However, when users upload documents for conversion, they're often prompted to install a helper application that actually delivers the harmful payloads. These malicious programs can track browsing activity, steal passwords, open back doors, and grant remote access to cybercriminals. Users should always be skeptical of websites that insist on downloads for tasks traditionally done online, the blog post states. And the firm emphasizes that many legitimate services can convert files directly in the cloud without requiring additional software installations.
Malwarebytes advises anyone seeking file conversion services to verify the legitimacy of the platform before downloading any executable files.

And that's our show. You can reach me with comments, questions or even tips at editorial@technewsday.ca, and hey, the donations from buymeacoffee.com/techpodcast keep coming in. So thank you. I'll try to get to thank each and every one of you individually. I've gone through a pile of them. I hope you're getting these as emails, but they are posted on the site buymeacoffee.com/techpodcast so you can see my note to you and my thanks. We still aren't out of the woods. We need to get a specific amount of money on a monthly basis for the show to keep functioning, but I'll do another campaign in a few weeks. I want to give you all a break, but at this rate, with your generosity, we will get to a sustainable revenue to keep the show going. I'm your host, Jim Love. Thanks for listening.
