Prompt injection attacks threaten AI chatbots, and other cybersecurity news to know this month

The UK's National Cyber Security Centre (NCSC) has highlighted a growing risk of chatbots being manipulated by hackers through "prompt injection" attacks. This is when a user creates an input that causes a model to behave in an unintended way, such as generating offensive content or revealing confidential information.

The current generation of large language models (LLMs) is vulnerable to these types of inputs, which could have worrying consequences, the agency says. As LLMs are increasingly used to pass information to other services and applications, the risk of prompt injection attacks will grow.

The NCSC has also announced that Ollie Whitehouse will become its new Chief Technology Officer.

The number of data breaches worldwide saw a 156% increase between Q1 and Q2 2023, according to new figures from VPN provider Surfshark.

A total of 110.8 million accounts were leaked in the second quarter of the year, equivalent to 855 every minute.

Almost half of these breaches were of accounts originating in the US, while Russia, Spain, France and Turkey made up the rest of the top five most breached countries.

The global average cost of a data breach has increased by 15% in the past three years, according to a new IBM report. Cost of Data a Breach 2023 reveals that 51% of organizations plan to improve their cybersecurity as a result of a breach.

Japan's national cyber defence agency has been infiltrated by hackers, who may have had access to information for as much as nine months, the Financial Times reports. The attack on Japan's National Center of Incident Readiness and Strategy for Cybersecurity began last autumn, with Chinese state-backed hackers thought to be behind it.

Basic cyber hygiene still protects against 98% of attacks, Microsoft says. The minimum standards every organization should adopt are: requiring phishing-resistant multifactor authentication; applying zero trust principles; using up-to-date anti-malware tools; keeping on top of systems and software updates; and protecting data.

The bonuses of top company executives are increasingly being tied to cybersecurity metrics. It is part of a trend to make cybersecurity a top-level consideration, with companies including Johnson & Johnson and the London Stock Exchange Group among those tying a portion of bonuses to a cyber goal in 2022.

The Five Eyes intelligence alliance has detailed how Russian state-sponsored hackers Sandworm are using an Android malware called Infamous Chisel to attack Ukranian soldiers' devices, scan files, monitor traffic and steal sensitive information.

Microsoft has identified seven emerging hybrid warfare trends from Russia's cyberwar with Ukraine. These include weaponizing pacifism by amplifying discontent about the war and stoking fears of World War III. Other tactics include demonizing refugees and mobilizing nationalism.

A cybercrime couple have pleaded guilty to trying to launder $4.5bn of Bitcoin stolen in a hack in 2016. Heather Morgan and Ilya Lichtenstein were arrested last year after police traced the funds. Prior to her arrest, Morgan released a series of rap videos under the name Razzlekhan.

The World Economic Forum’s Global Coalition for Digital Safety has produced a foundational language to define online harms. The aim is to create a common language to describe the problems of online harm so that regulators and tech firms can better work together to address it.

Consolidating cybersecurity tools and testing and augmenting resilience measures are among seven steps companies can take to control their cybersecurity spend without compromising on its effectiveness.

We need to be realistic about the impact of generative AI, Paul Swartz and Francois Candelon of the BCG Henderson Institute argue. Technology’s impact on productivity growth has been consistently overstated, they say, and analysts could be repeating that mistake with generative AI.