Malicious advertisements are creeping into our digital lives at an alarming rate. The latest victim? Microsoft's Bing Chat, a seemingly innocent AI-driven search engine. Bing Chat, often called "the fresh face of Bing," is an AI-powered chatbot developed by Microsoft.
Microsoft released Bing Chat in February 2023 as a formidable challenger to Google's dominance in the search industry. This interactive chat-based experience aimed to revolutionize online searches, leaving the traditional search query and result format behind, especially in light of new Google features like Bard AI, Search Generative Experience (SGE), and Google Search Perspectives.
To generate revenue, Microsoft introduced ads into Bing Chat conversations. This move, while financially savvy, opened Pandora's box. Enter threat actors, the nefarious forces behind malvertising. Something similar to this happened to Google search as well.
Malvertisers employ cunning tactics to trick ad networks into displaying seemingly harmless ads that are anything but. They impersonate legitimate software, streaming services, or tools related to cryptocurrency, creating a facade that's hard to distinguish from the real deal.
Malvertising's Migration to Bing Chat
Historically, malvertising has plagued search engines like Google and Bing despite their best efforts to maintain clean search results. But the game changed with the introduction of ChatGPT into Bing.
Let's take a closer look at a real-life scenario. Malwarebytes, a cybersecurity stalwart, asked Bing Chat for the "Advanced IP Scanner" tool. The result? A link that, upon closer inspection, led to "advenced-ip-scanner[.]com" (note the "e" instead of "a"). Clicking this link initiated the download of an installer designed to retrieve a malicious payload.
Behind this malicious campaign lies a sophisticated operation. Threat actors managed to infiltrate the ad account of a legitimate Australian business to disseminate these deceptive ads.
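The look-alike domain in this case differs from the real product name by a single letter, which is the kind of difference an edit-distance check catches before a download link is followed or allowed through a proxy. The following is an added example, not code from Malwarebytes or Microsoft; the trusted domain "advanced-ip-scanner.com" and the distance threshold of 2 are assumptions made for the illustration.

```python
# Added example: classify a link's domain against an allowlist of known-good
# download domains. TRUSTED and max_distance are assumptions, not from the page.
TRUSTED = {"advanced-ip-scanner.com"}

def refang(domain):
    """Undo the '[.]' defanging used in reports and normalise case."""
    return domain.replace("[.]", ".").strip().lower().rstrip(".")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposed neighbours
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain, trusted=TRUSTED, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    d = refang(domain)
    best_name, best_dist = None, None
    for t in sorted(trusted):
        if d == t or d.endswith("." + t):
            return ("trusted", t)
        # Compare only as many trailing labels as the trusted name has, so a
        # 'www.' or 'download.' prefix does not hide a near match.
        tail = ".".join(d.split(".")[-(t.count(".") + 1):])
        dist = osa_distance(tail, t)
        if best_dist is None or dist < best_dist:
            best_name, best_dist = t, dist
    if best_dist is not None and best_dist <= max_distance:
        return ("lookalike", best_name)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed inputs; the first is the defanged domain quoted above.
    for link in ("advenced-ip-scanner[.]com", "www.advanced-ip-scanner.com", "example.org"):
        print(link, "->", classify(link))
```

A "lookalike" verdict is a reason to block or review the link; an "unknown" verdict only means the domain is not near anything on the allowlist, not that it is safe.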
The Anatomy of a Malware Attack
Upon clicking the link, users are directed to a traffic direction system (TDS), which meticulously examines various parameters, including IP address, timezone, and system indicators. This scrutiny is aimed at distinguishing humans from bots, crawlers, or sandbox environments.
The downloaded MSI installer contains a heavily obfuscated malicious script. Its purpose? To establish a connection with an external resource to retrieve the elusive payload. As of now, the nature of this malware remains a mystery, as Malwarebytes couldn't uncover the final payload.
But the malvertising menace isn't confined to Bing Chat alone. Recent findings by Akamai and Perception Point unveiled a multi-step campaign targeting the hospitality sector.
How Many Cyberattacks So Far in 2023?
SonicWall's 2023 Cyber Threat Report shows that malware attacks have surged since 2018. Ransomware attacks are also concerning, with 1,815 incidents in just the first six months of 2023.
In August 2023, several notable incidents occurred, including a massive breach that exposed the personal data of over 760,000 Discord.io users. Cyber threats are rising, with an average ransom demand of $1.54 million and over 236.7 million ransomware attacks globally in the first half of 2023.
The top five most prolific ransomware families since January 2023 are LockBit, ALPHV, Malas, Cl0p, and Royal Ransomware. Threat actors like Lazarus APT, Cuba Ransomware Gang, Akira Ransomware Gang, MoustachedBouncer, and NoEscape Ransomware Group are taking center stage.
In 2023, there were 694 data breaches and 612.4 million breached records. Healthcare and Education were the most frequently targeted sectors, with 199 and 119 incidents, respectively.
This complex operation involves deploying information-stealing malware and leveraging compromised access to steal financial data from unsuspecting customers.
Malwarebytes suggests that users should not only exercise caution while visiting websites but also employ multiple security tools to enhance their protection.