Hello Leaders,

Given the geopolitical situation, it is no surprise that state actors are trying innovative ways to steal confidential and sensitive information. Two of the three items in this week's newsletter are related to latest attack methods being used by the attackers. This reinforces the need for basic security hygiene which could be easily improved across the board.

​

1. Rethink your brand strategy in the AI World

According to a Boston Consulting Group study, 28% of survey respondents were asking AI for product recommendations. However, a Carnegie Mellon research showed that how the prompts are written can make your product be the top recommended or not recommended at all. Similar to Search Engine Optimization, companies are already looking at optimizing their branding for AI. The key challenge is that each AI model may interpret the same set of text description differently based on how it is trained. As many language models are closed-source, similar to SEO, companies are trying to find ways to trick AI for better placement!

We did our own test and here are the results.

We change the prompt as follows:

Actions you can take

This shows that how AI perceives your brand would matter.

• Review your brand strategy to assess if you are prioritizing the right set of values.

Further Reading

​https://www.technologyreview.com/2025/02/19/1112076/your-most-important-customer-may-be-ai/​

​

2. Attackers take phishing to the next level

Google Threat Intelligence Group (GTIG) shared new techniques being used by state actors to compromise messaging apps like Signal, WhatsApp, and Telegram. The attackers are exploiting the linked device feature which relies on a user scanning QR code to access the messaging app on multiple devices. They are sending messages which seem like group invites, security alerts, or pairing instructions with malicious QR code embedded. Scanning these will instantly grant attackers access to the entire device data.

Actions you can take

• Review your Bring Your Own Device policy to limit access to workplace data.
• Consider a separate device for workplace. While it adds to your cost, but the security benefits and control over confidential information far outweighs the added cost.

Further Reading

​https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger​

​https://www.okta.com/identity-101/byod-policy/​

​https://clickup.com/blog/using-personal-phone-for-work/​

​

3. Secure your non-interactive accounts

The trouble with Microsoft 365 accounts does not seem to end. State actors are now targeting non-interactive Microsoft 365 accounts that are still using now deprecated basic authentication. These non-interactive accounts are used for system to system authentication, legacy protocols, automation, etc. Unlike interactive accounts, these accounts do not use MFA or get locked out after few invalid attempts. Even thought the invalid attempts are logged, most do not monitor the logs for these accounts. Over 130,000 devices are said to have been compromised.

Actions you can take

None of these should come as a surprise, but we would like to reiterate them

• Actions you could take
• Disable basic authentication
• Restrict the use of non-interactive users
• Use certificate-based authentication
• Strengthen password policy
• Enable conditional access policies like geolocation, UEBA (User and Entity Behavior Analytics)

Further Reading

​https://www.bleepingcomputer.com/news/security/botnet-targets-basic-auth-in-microsoft-365-password-spray-attacks/​