Navigating The Risks Of ChatGPT On Financial Institutions

ChatGPT, an advanced AI language model created by OpenAI, is gaining popularity for its ability to generate human-like responses to natural language input.
By
CTM360 Team
February 28, 2023
1 mins read
Navigating The Risks Of ChatGPT On Financial Institutions
background-graphics

What’s on this page

Overview
CTM360’s observation of the trend
Recommendations

What is ChatGPT?

ChatGPT, an advanced AI language model created by OpenAI, is gaining popularity and attention for its ability to generate human-like responses to natural language input. Trained on large amounts of data, ChatGPT's context comprehension and relevant response generation have made it a popular choice for businesses seeking to enhance customer experience and operations.

Major technology corporations are making significant investments in Artificial Intelligence (AI). Microsoft, for instance, has declared that it will invest $10 billion in OpenAI and intends to merge ChatGPT into its Azure OpenAI suite. This will allow businesses to include AI assets, including DALL-E, a program that generates images, and Codex, which transforms natural language into code, in their technology infrastructure.

While ChatGPT has several benefits for financial institutions, such as improving customer service and automating certain tasks, it also carries some risks that need to be addressed. Major banks and other institutions in the US have banned the use of ChatGPT within the organization. Concerns over sensitive information being put into the chatbot.

pic 1

Risks associated with incorporating ChatGPT

Let's delve into the potential risks that are currently being debated regarding the use of ChatGPT:

  1. Data Exposure: One potential risk of using ChatGPT in the workplace is the inadvertent exposure of sensitive data. For example, employees using ChatGPT to generate data insights and analyze large amounts of financial data could unknowingly reveal confidential information while conversing with the AI model, which could lead to breaches of privacy or security. Another known data exposure case observed is Employees could potentially expose private code if they inadvertently include confidential information in the training data. This could occur if an employee includes code snippets that contain sensitive data or proprietary information, such as API keys or login credentials.
  2. Misinformation: ChatGPT can generate inaccurate or biased responses based on its programming and training data. Financial professionals should be cautious while using it to avoid spreading misinformation or relying on unreliable advice. ChatGPT’s current version was only trained on data sets available through 2021. In addition, the tool pulls online data that isn’t always accurate.
  3. Technology Dependency: While ChatGPT offers useful insights for financial decision-making, relying solely on technology may overlook human judgment and intuition. Financial professionals may misunderstand ChatGPT's recommendations or become over-reliant on it. Thus, maintaining a balance between technology and human expertise is crucial.
  4. Privacy Concerns: ChatGPT gathers a lot of personal data that users, unassumingly, might provide. Most AI models need a lot of data to be trained and improved, similarly, organizations might have to process a massive amount of data to train ChatGPT. This can pose a significant risk to individuals and organizations if the information is exposed or used maliciously.

External Risks associated with ChatGPT

  1. Social Engineering: Cybercriminals can use ChatGPT to impersonate individuals or organizations and create highly personalized and convincing phishing emails, making it difficult for victims to detect the attack. This can lead to successful phishing attacks and increase the likelihood of individuals falling for the scam.
  2. Creating malicious scripts and malware: Cybercriminals can train ChatGPT on vast amounts of code to produce undetectable malware strains that can bypass traditional security defenses. By using polymorphic techniques like encryption and obfuscation, this malware can dynamically alter its code and behavior, making it challenging to analyze and identify.

Recommendations:

  • Financial institutions should establish clear policies and guidelines for using ChatGPT in the workplace to safeguard confidential information and mitigate the risks of data exposure.
  • Anonymized data should be used to train an AI model to protect the privacy of individuals and organizations whose data is being used.
  • Specific controls should be applied to how employees use information from ChatGPT in connection with their work.
  • Awareness training should be provided to Employees who have access to ChatGPT on the potential risks associated with the use of the technology, including the risks of data exposure, privacy violations, and ethical concerns.
  • Restricting access to ChatGPT will limit the potential for data exposure and misuse of the technology.

Recent Blogs

SolarWinds - an American software vendor for managing networks and infrastructure has been breached. Orion, a network monitoring product was modified by a state-sponsored threat actor via embedding backdoor code into a legitimate SolarWinds library. This allowed remote access into the victim’s environment and a foothold in their networks; this enabled attacker to obtain privileged credentials.

The SolarWinds Orion products are designed to monitor the networks of systems and report on any security issues. Due to this, there are no comparable limiting boundaries on the scope or potential security impact; this has been made clear by the gradual revelation of more and more high-value targets. Even more worrisome is the fact that the attackers apparently made use of their initial access to targeted organizations, such as FireEye and Microsoft, to compromise tools and code that would then enable them to target other victims. After Microsoft discovered that they were breached via the SolarWinds compromise, they further discovered that their own products were then used “to further the attacks on others.”

The attack was initially disclosed by the cybersecurity firm, FireEye, as early as December 8th but published publicly on 13th. It was revealed that the attack on SolarWinds was conducted by an unknown APT (Advanced Persistent Threat) group. They were able to steal Red Team assessment tools, similarly, used by FireEye to probe its customers’ security. FireEye has made its countermeasures freely available on GitHub.

According to Microsoft, hackers acquired superuser access to SAML token-signing certificates. This SAML certificate was then used to forge new tokens to allow hackers to obtain trusted and highly privileged access to networks.

While analyzing further on this attack, it was discovered that there was another backdoor likely from a second threat actor. This malware was dubbed as SUPERNOVA. This was a web shell planted in the code of the Orion network and applications monitoring platform and enabled attackers to run arbitrary code on machines running the trojanized version of the software.

pic1

Hackers inserted malicious code into an updated version of the software, called Orion. Approximately 18,000 SolarWinds customers installed tainted updates, between March and June 2020, onto their systems. The malware was inserted in these Orion app versions:

  • Orion Platform 2019.4 HF5, version 2019.4.5200.9083
  • Orion Platform 2020.2 RC1, version 2020.2.100.12219
  • Orion Platform 2020.2 RC2, version 2020.2.5200.12394
  • Orion Platform 2020.2, 2020.2 HF1, version 2020.2.5300.12432

This disclosure was followed by a coordinated report issued by Microsoft, FireEye, SolarWinds, and the U.S. government. The report concluded that SolarWinds had been targeted by threat actors who aimed to gather undisclosed information from major customers of theirs, including FireEye.

Compromise: What is Known so Far

A key indicator of the attack was the conceived backdoor that was able to gain access to and breach the SolarWinds Orion build system. This backdoor was attached to the said system by rescripting the legitimate SolarWinds.Orion.Core.BusinessLayer.dll DLL file. This file was then distributed to SolarWinds’ clients in a supply chain attack. This was achieved due to an automatic update platform used to dispense new software updates; clients were unaware of this taking place.

According to reports, the threat actors may have performed trial runs of the distribution method as early as October 2019. Researchers believe that the attackers had already compromised networks previously; it is suggested that they had harvested information or performed other malicious activities silently for months. Due to this, FireEye eventually detected that they were hacked after the threat actors registered a device to the company’s multi-factor authentication (MFA) system using stolen credentials. The alert from the system, regarding an unknown device, was able to notify FireEye of the compromise.

Recommendations

Urgently update any exploited SolarWinds Orion software to Orion Platform version 2020.2.1 HF 2 and Orion Platform 2019.4 HF 6

Third party vendors who may be susceptible to exposure of this compromise should report as part of responsible disclosure and urgently remediate.

In case of possible exposure devise an incident response plan.

Prioritize the TTPs leveraged by the threat actor mapped to mitre att&ck. This is available in Adversary Intelligence within CTM360’s CyberBlindspot.

Summary:

In December 2024, hackers compromised at least 35 Google Chrome extensions, affecting approximately 2.6 million users. The attack exploited phishing emails sent to developers, masquerading as Google policy violation notices. These emails tricked developers into granting permissions to a malicious OAuth application named

“Privacy Policy Extension.

” Once authorized, the attackers gained control over the extensions, injecting malicious code to steal user data, particularly targeting Facebook credentials and business accounts. Browser extensions can significantly enhance productivity by adding new features to web browsers like Microsoft Edge and Google Chrome. However, they also pose significant security risks, as malicious or compromised extensions can lead to data breaches, malware infections, and unauthorized access to corporate networks. It is crucial for organizations to control, block, or manage browser extensions to minimize security risks, particularly in an enterprise environment. This advisory outlines the steps to block and protect browser extensions for Microsoft Edge and Google Chrome, and it also includes specific guidance on managing extensions using Microsoft Intune.

Risks Associated With Browser Extensions

Data Exposure: Some extensions can access sensitive data (e.g., browsing history, credentials, and files), potentially exposing confidential information.

Malicious Extensions: Cybercriminals can create or compromise extensions, making them a vector for malware distribution or data exfiltration.

Phishing Risks: Extensions may manipulate web content, tricking users into providing sensitive information.

Performance Degradation: Some poorly coded extensions can slow down browsers or degrade system performance.

Managing Browser Extensions Using Group Policy

A. Microsoft Edge

Using Group Policy (Windows)

1. Open the Group Policy Management Console (GPMC).

2. Navigate to:  Computer Configuration > Administrative Templates > Microsoft Edge > Extensions

3. Set the following policies:

a. Control which extensions are installed silently: Specify allowed extensions by adding their extension IDs.

b. Configure extension management settings: T o block all extensions, set this policy to "*" (deny all).

c. Configure the list of force-installed extensions: If any extension is necessary for business, add the corresponding extension ID here.

B. Google Chrome

Using Group Policy (Windows)

1. Open the Group Policy Editor.

2. Navigate to: Computer Configuration > Administrative Templates > Google > Google Chrome > Extensions

3. Set the following policies:

a. Block external extensions: Set the policy to block all extensions unless specifically allowed by adding the extension IDs.

b. Configure extension install allow list: If certain extensions are necessary, add their extension IDs here.

c. Configure extension install blocklist: Add a wildcard"*" to block all extensions.

Managing Browser Extensions Using Microsoft Intune

Organizations using Microsoft Intune for endpoint management can apply policies to control browser extension installations across all managed devices. This approach is particularly useful for managing large numbers of endpoints efficiently.

Blocking Extensions in Microsoft Edge Using Intune

1. Sign in to Microsoft Endpoint Manager Admin Center.

2. Navigate to: Devices > Configuration profiles > Create profile

3. Choose:

a. Platform: Windows 10 and later.

b. Profile type: Settings catalog.

4. In the Configuration settings, search for Extensions under Microsoft Edge:

a. Allow specific extensions to be installed (User): Specify allowed extension IDs

b. Control which extensions cannot be installed (User): Add a wildcard"*" to block all extensions.

5. Assign this profile to your target groups (specific users or devices).

Blocking Extensions in Google Chrome Using Intune

1. Sign in to Microsoft Endpoint Manager Admin Center.

2. Navigate to: Devices > Configuration profiles > Create profile

3. Choose:

a. Platform: Windows 10 and later.

b. Profile type: Settings catalog.

4. In the Configuration settings, search for Extensions under Google Chrome\Extensions:

a. Configure extension installation allow list (User): Specify allowed extension IDs

b. Configure extension installation blocklist: Add a wildcard"*" to block all extensions.

5. Assign this profile to your target groups (specific users or devices).

Note: These steps are mentioned for user-based controls. Similar configuration steps can be applied for device-based controls.

Best Practices for Managing Browser Extensions

Audit Extensions Regularly: Regularly audit the extensions installed on users’ browsers to detect unauthorized or risky extensions.

User Training: Educate users about the risks associated with browser extensions and how to identify malicious ones.

Implement a Zero-Trust Model: Always assume that extensions can potentially be compromised. Apply the principle of least privilege when granting extension permissions.

Use Security Solutions: Consider deploying security solutions that can monitor and block malicious browser activities, including suspicious extension behavior.

Conclusion

Controlling browser extensions in Microsoft Edge and Google Chrome is a critical aspect of securing enterprise endpoints. By implementing the steps outlined above, organizations can significantly reduce the risks associated with browser extensions. Whether you manage your endpoints using Group Policy or Microsoft Intune, these controls can help protect your network from potential extension-related threats. By following this advisory, organizations can take proactive steps to mitigate browser extension risks, enhancing their overall cybersecurity posture.

Reference:

https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/

https://learn.microsoft.com/en-us/defender-endpoint/manage-profiles-approve-sys-extensions-intune

https://gbhackers.com/malicious-editthiscookie-extension/#google_vignette

Disclaimer

The information contained in this document is meant to provide general guidance and brief information to the intended recipient pertaining to the incident and recommended action. Therefore, this information is provided "as is" without warranties of any kind, express or implied, including accuracy, timeliness, and completeness. Consequently, under NO condition shall CTM360®, its related partners, directors, principals, agents, or employees be liable for any direct, indirect, accidental, special, exemplary, punitive, consequential, or other damages or claims whatsoever including, but not limited to: loss of data, loss in profits/business, network disruption…etc., arising out of or in connection with this advisory.

For more information:

Email: monitor@ctm360.com Tel: (+973) 77 360 360

Overview

Essential Cybersecurity Habits

In today’s digital landscape, safeguarding personal and professional data is more critical than ever. Cyber threats such as phishing, credential theft, and financial fraud are increasingly sophisticated, making proactive security measures essential. This advisory highlights two fundamental steps to strengthen your online security: enabling Two-Factor Authentication (2FA) and managing browser storage of sensitive data. By implementing these practices, you can significantly reduce the risk of unauthorized access and protect your accounts from common cyber attacks.

Strengthen Account and Browser Security

Strengthening online security requires two essential measures: Activating Two-Factor Authentication (2FA) and controlling browser storage of sensitive data. 2FA provides an additional security layer beyond passwords, significantly reducing unauthorized access risks.

The following sections contain step-by-step instructions for enabling 2FA across major email platforms including Gmail, Outlook and Yahoo. Detailed guidance is also provided for disabling auto-save functionality for passwords and payment information in common browsers such as Chrome, Firefox and Edge. Implementing these security measures enhances protection against prevalent cyber threats including phishing attacks, credential theft and financial fraud.

Enable Two-Factor Authentication (2FA)

Why it matters:

2FA adds an extra layer of security, making it harder for attackers to access your accounts, even if they have your password.

Person enabling Two-Factor Authentication (2FA) on a smartphone for added account security and protection from cyber threats

Disable Password Saving in Your Browser

Why it matters:

Malware can easily extract saved passwords from browsers.

Illustration showing browser settings to disable auto-save for passwords and payment info, enhancing online data privacy and safety

Disable Credit Card Autofill in Your Browser

Why it matters:

Saved credit card details are a prime target for malware.

Visual guide displaying key cybersecurity habits like verifying emails, using VPNs, and avoiding suspicious downloads to prevent phishing and fraud

Essential Security Recommendations

  • Maintain a Low Profile Online: Limit personal and professional information shared publicly to minimize risks.
  • Verify Communications: Always confirm unexpected emails or messages, especially those requesting sensitive information or urgent actions.
  • Carefully verify email senders, Scammers often use realistic but fake emails.
  • Be skeptical of emails with poor grammar, urgent requests, or unexpected attachments.
  • Avoid clicking links type URLs directly into your browser.
  • Regularly update your device, software, and antivirus programs.
  • Frequently scan your devices using trusted antivirus and anti-malware solutions.
  • Avoid downloading software from unknown or suspicious sources.
  • Use a VPN on public Wi-Fi networks to encrypt your internet connection.
  • Educate yourself regularly about new cyber threats and scams.
  • Immediately report suspicious activity to your email or financial provider.
  • Regularly review your account activity and set up alerts for unusual behavior.
  • Use secure password managers/FIDO devices.
  • Always manually enter credit card details only on trusted sites.

References

https://www.forbes.com/sites/daveywinder/2025/03/21/google-chrome-passwords-alert-beware-the-rise-of-the-ai-infostealers/

Disclaimer:

The information contained in this document is meant to provide general guidance and brief information to the intended recipient pertaining to the incident and recommended action. Therefore, this information is provided "as is" without warranties of any kind, express or implied, including accuracy, timeliness, and completeness. Consequently, under NO condition shall CTM360®, its related partners, directors, principals, agents, or employees be liable for any direct, indirect, accidental, special, exemplary, punitive, consequential, or other damages or claims whatsoever including, but not limited to loss of data, loss in profits/business, network disruption…etc., arising out of or in connection with this advisory.

For more information:   Email: monitor@ctm360.com   Tel: (+973) 77 360 360