North Korean hackers trick employees with new social engineering, new prompt injection attacks compromise Gemini's long-term memory, Canada's privacy commissioner investigates the PowerSchool data breach, and why we should send a love note out to the Federal Bureau of Investigation. This is Cybersecurity Today. I'm your host, Jim Love. North Korean state-sponsored hacking group Kimsuky has adopted a novel social engineering technique to infiltrate targeted systems.
According to Microsoft's Threat Intelligence Team, the attackers pose as South Korean government officials to establish trust with their targets. Once rapport is built, they send spear phishing emails containing PDF attachments. And when the recipients open the email, these PDFs, they're redirected to a counterfeit device registration page that instructs them to run PowerShell as administrators and input code provided by the attackers.
Executing this code installs a browser-based remote desktop tool. It downloads a certificate using a hardcoded PIN and registers the victim's device with a remote server, granting the attackers direct access for data exfiltration. This method, inspired by the ClickFix campaign, involves deceptive prompts that lead victims to execute malicious code themselves via PowerShell commands, resulting in malware infections.
And Microsoft first observed this tactic in limited attacks starting in January 2025, targeting individuals in international affairs organizations, NGOs, government agencies and even media companies across North America, South America, Europe, and East Asia. The adoption of these tactics by nation-state actors underscores their effectiveness in real-world operations. To mitigate the risks, it's crucial to treat all unsolicited communications with extreme caution.
Users should be wary of requests to execute code on their computers under any circumstances, but especially when it's asked for with administrator privileges, and implementing security awareness training could help individuals recognize and avoid these sophisticated phishing attempts. I have to say that this attack has seemed relatively obvious to me, but it has been successful across the world.
So once again, it's probably time to take a look at our security awareness training to make sure individuals recognize and avoid even these sophisticated phishing attempts. A recent demonstration by security researcher Johann Rehberger has revealed a novel prompt injection attack that corrupts the long-term memory of Google's Gemini AI. This technique allows attackers to manipulate the AI's memory, leading it to retain and recall false information.
In the demonstration, Rehberger crafted a prompt that deceived Gemini into permanently remembering the user as a 102-year-old flat earther. This manipulation persisted across sessions, indicating significant vulnerability in the AI's memory management. Prompt injection attacks involve inserting malicious instructions into the input provided to AI models, causing them to behave unexpectedly or disclose confidential information.
This incident underscores the challenges in securing AI systems against such exploits, especially as they become more integrated into applications with long-term memory capabilities. Now, while this is the latest in the prompt injection types of attacks, more and more reports are surfacing. I saw a demonstration this morning of how commands could be buried in an emoticon using Unicode. A smiley.
And while many people were criticizing the DeepSeek hacks that occurred, we warned that the larger US AI models were also vulnerable two days before it was announced that someone had jailbroken the very latest OpenAI model. Many experts have warned that it can take surprisingly small amounts of data to corrupt an AI model.
So while the rush is on for AI supremacy, and even the Vice President of the United States is giving the US' official position as worrying more about being first than being safe, warning lights should be flashing as we will become more and more dependent on these systems in the coming months and years. Canada's Privacy Commissioner, Philippe Dufresne, has initiated a formal investigation into a significant cybersecurity breach involving PowerSchool, a widely used student information system.
The breach has potentially exposed personal data of students across multiple provinces of Canada, especially Ontario and Alberta. The compromised information may include sensitive details such as names, addresses, and academic records, possibly more. In Ontario, the Toronto District School Board reported that personal data dating back to 1985 could have been affected. Similarly in Alberta, 31 schools have been impacted by the breach.
PowerSchool has notified affected school boards and is cooperating with the investigation, but the Office of the Privacy Commissioner is assessing the scope of the breach and the implications for students' privacy rights. The incident has been a wake-up call about the levels of cybersecurity measures in educational institutions.
Parents and guardians are advised to monitor communications from their respective school boards for updates, and to take necessary precautions to protect their children's personal information. As a bit of an editorial aside, it's ridiculous for senior governments to expect these small IT departments in school boards and schools to keep up with something that even large organizations struggle with.
We can see by the abolishment of the Department of Education in the U.S. that there's somehow a belief that every dollar must be spent in the classroom or it's lost to the bureaucracy. We hope that the Canadian inquiry will help to clarify these issues and maybe surface some of the actions that need to be taken to keep our kids safe. I don't want to mischaracterize the U.S. position in this, but I haven't seen any similar actions in response other than the end of the Department of Education.
If someone has more info that I should be sharing, please let me know. And we should send a love note out to the Federal Bureau of Investigation who launched Operation Level Up, a proactive initiative aimed at identifying and notifying victims of cryptocurrency investment frauds, or what's commonly referred to as pig butchering. The scam involves fraudsters establishing online relationships with individuals and subsequently enticing them into fraudulent cryptocurrency investments.
Victims are often persuaded to invest increasing amounts into seemingly profitable platforms only to find themselves unable to withdraw their funds. Since its inception in January of 2024, Operation Level Up has achieved some significant milestones. The FBI has informed 4,323 individuals about their involvement in such scams. And approximately 76 percent of these individuals were unaware they were being defrauded prior to the FBI's notification.
The initiative has potentially saved victims an estimated 285 million. These are individuals. That's a lot of money. Additionally, and sadly, 42 individuals have been referred to the FBI victim specialists for suicide intervention, highlighting the severe emotional and financial toll of these scams.
The FBI advises the public to be vigilant and to recognize common indicators of such scams: unsolicited online contacts proposing investment opportunities, requests to move conversations to encrypted messaging platforms, promises of high returns coupled with pressure to invest quickly, encouragement to limit communication with financial advisors or family members, and difficulties in withdrawing funds or demands for additional fees to facilitate withdrawals.
If you suspect that somebody you know is a victim of cryptocurrency investment fraud, it's critical to report the incident promptly to the FBI's Internet Crime Complaint Center, IC3, at ic3.gov. And their site has a great info piece with further information that is a must-read for us all, in any country. And beyond that, it's a must-share, especially with those you love.
And if you're in a position to get the point across, it's a great reason why governments everywhere need to invest in cyber policing. If that note about people needing suicide counseling doesn't get to you. Nah, nobody's that heartless. So for all of you, there's a link in the show notes. This weekend, we're going to share our AI-related show. It looks at questions that executives should be asking about AI.
And while it's not totally focused on cybersecurity, once again, we will all benefit from a better understanding and more intelligent conversations about AI. It'll be there on Saturday morning with your morning coffee, or whenever you listen to long-form podcasts. I'm your host, Jim Love. Thanks for listening.