Cybersecurity and AI: Cybercriminals use ChatGPT to spread malware

Experts say that while there is a possibility that intelligent chatbots like ChatGPT could be used in the future to generate malicious code, the current focus is on the tool's popularity. It is believed that fraudsters have increasingly taken advantage of fake ChatGPT websites and apps to lure unwary victims and steal sensitive information.
On Wednesday, researchers at Meta — Facebook's parent company — issued a troubling warning: Malicious groups like Ducktail and NodeStealer are impersonating ChatGPT and other similar tools to infect people with malicious browser extensions, ads, and other methods on various social media platforms. All of this is to serve rogue ads from compromised business accounts on the internet.
Fortunately, Meta has detected and stopped these threats, including previously unreported malware families. Still, the company's security team has noticed rapid adversarial adaptation in response to their detection, which means it's more important than ever to stay alert to these threats.
Meta has identified about ten malware families attacking people through the use of ChatGPT and other similar themes. As if that weren't enough, threat actors are creating malicious browser extensions that claim to offer ChatGPT tools to trick people into downloading malware. These malicious extensions are promoted both on social media and in sponsored search results. Some of the extensions even include ChatGPT along with the malware to avoid suspicion from official web stores.
It is important to take proper precautions when browsing the web. Beware of browser extensions, ads, and other things that look suspicious.
Meta announced that it has blocked more than 1,000 malicious ChatGPT-related URLs on its platforms, while sharing these URLs with industry partners. This effort was necessary due to the Ducktail operation, which has been targeting Facebook users since 2021. This operation spoofs ChatGPT to steal browser cookies, hijack logged-in Facebook sessions, and access sensitive information from its victims' accounts, including two-factor authentication codes and location data.
In January of this year, Meta researchers discovered the NodeStealer malware, which steals cookies to break into Facebook, Gmail and Outlook accounts. Quickly, the company was able to identify the malware and take steps to stop its action, helping potential victims recover their accounts. To do so, removal requests were sent to third-party registrars, hosting providers, and applications used by threat actors.
Since February 27 of this year, Meta researchers have not observed new malware samples from the NodeStealer family. However, the company continues to monitor any potential future activities, including the growing threat of generative artificial intelligence.
Security experts at the company BlackFog have issued a warning about the threat of ChatGPT, highlighting its potential to produce malicious code. The company is closely monitoring how artificial intelligence can be used as bait on social media. According to BlackFog, ChatGPT can be used to exfiltrate data and create phishing websites, with the purpose of stealing credentials and installing malware on devices. As a result, cybersecurity measures will need to keep pace with this emerging technology.
Traditional approaches such as EDR-based defense and antivirus have proven ineffective against these modern ransomware variants. To protect data, it is necessary to use newer technologies to prevent data exfiltration in the first place. Without the ability to exfiltrate the information, attackers have no way to extort victims and have nothing to gain. In addition, the due diligence of users is essential to avoid falling for spoofing campaigns.
Alexandre Morelli
Head of Cybersecurity LATAM at Stefanini

Do we follow or create trends in cybersecurity?

Cybersecurity is at the center of concerns for companies around the world. With the acceleration of digital transformation, cyberattacks have become more sophisticated, amplifying the challenge for business. In 2025, again, we will see a significant increase in cyber threats and, at the same time, a growing demand for new risk mitigation strategies. It is imperative that as an executive, you closely monitor these changes and how they impact the way you protect your organization's assets.
According to the World Economic Forum's "Global Risks Report 2024", cyber threats, or cyber insecurity, are among the four biggest global risks for the coming years. The use of artificial intelligence (AI) by criminals will become one of the main challenges for 2025. Hackers can use AI to automate and enhance attacks, making malware and other threats smarter and harder to detect. This requires that organizational resilience is better crafted by using AI to predict and neutralize attacks before they cause significant damage.
A study by Gartner also reinforces this prediction, estimating that by 2025, 60% of global companies will use AI for cybersecurity. Artificial intelligence will be essential for monitoring large volumes of data in real time, identifying anomalies, and automating incident responses, something crucial in a scenario where the speed of response can determine the success or failure of a cyber defense.
I also highlight vulnerability in supply chains and third parties. One of the biggest cyber risks for 2025 is the increase in attacks targeting suppliers and business partners, rather than direct attacks on corporations. These attacks can allow cybercriminals to access internal systems through vulnerable third parties, as we saw in the attack on SolarWinds. Companies will need to conduct regular security audits on their suppliers and develop strategies to protect their ecosystems.
5G and IoT: new challenges, new vulnerabilities
With the global expansion of 5G networks, expected to accelerate in 2025, new cyber risks emerge. Gartner estimates that by then, more than 30 billion Internet of Things (IoT) devices will be connected, creating a vast field for potential attacks. The massive connectivity that 5G provides expands the attack surface, as each connected device becomes a potential entry point for threats.
To protect themselves in this new scenario, companies must implement robust security architectures that cover everything from the network to connected devices. Zero Trust Architecture, which is based on the idea of not automatically trusting anything inside or outside the corporate network, is one of the trends that will gain the most traction by 2025.
With the advent of these new technologies, a traditional Security Operation Center (SOC) (SIEM-based) is no longer sufficient, considering the large number of devices, attack surfaces, multiple access points, and information beyond the traditional edge of a network. The use of a SOC (with XDR/MDR solutions) to prevent, detect, and respond to an incident using AI will be mandatory.
The human factor remains one of the main vulnerabilities in cybersecurity. Studies by the Ponemon Institute indicate that 82% of data breaches involve some type of human error. By 2025, creating a strong cybersecurity culture within companies will be as essential as implementing cutting-edge technological solutions. This requires an ongoing investment in employee training and awareness of security practices.
How to report cyber risks to company leaders?
One of the critical challenges for cybersecurity leaders is how to report risks in a clear and understandable way to board members. Often, the technical aspects of cyber risks are too complex for directors without a background in technology to understand easily.
The key to effective communication is translating technology risks into business impacts. For example, instead of reporting technical vulnerabilities, the focus should be on the financial or operational consequences of those risks. I recommend using clear financial metrics, such as the potential impact on revenue, recovery costs, or loss of customer trust.
Another effective approach is to classify cybersecurity risks into three categories: strategic, financial, and operational risks. This helps the board understand where cyber threats may affect the organization most critically, making it easier to make informed decisions about security investments.
I have no doubt that by 2025 (again), cybersecurity will be an essential component of business strategy, and business leaders will need to treat digital protection as a core responsibility. The combination of emerging threats, such as the use of AI by criminals, the vulnerability of supply chains, and the explosion of 5G-connected IoT devices, creates a challenging landscape, but also full of opportunities for innovation.
Keeping up with these trends, anticipating incidents, and managing risks in an ever-changing world will be critical to protecting your business. The key to success will be collaboration between cybersecurity leaders, IT teams, and boards of directors to ensure that information security is treated as a strategic priority.
Umberto Rosti
CEO Brazil of Stefanini Cyber, a Stefanini Group company

The Realistic Scenario of Cyberattacks and the Need for Global Security

The film "The World After Us", released by Netflix at the end of 2023, raises reflections on an alarming scenario: a chaotic world due to a large-scale cyberattack. Experts in the field of cybersecurity consider this theme not only fictional, but technically plausible. This article explores the plausibility of these events, the importance of digital security, and some of the best practices for protecting critical infrastructure.
Large-Scale Cyberattack: How Realistic Is This Scenario?
Global interconnectedness and increasing reliance on technology make countries and businesses increasingly vulnerable to cyberattacks. Real-world examples, such as the ILoveYou virus and attacks on critical infrastructure, demonstrate the destructive potential of these threats. What was portrayed in the film may seem exaggerated to some, but the reality is that it is not far from this type of situation.
Cybersecurity: an undeniable need
Cybersecurity is essential. Comprehensive measures are needed for both states and businesses. The development of national cybersecurity policies, as in the case of Brazil, and the creation of agencies specialized in the subject have become increasingly relevant. In the corporate environment, effective risk management, well-structured operational continuity plans, and the implementation of robust security measures to protect digital assets are essential.
Technology Dependence: A Current Social Critique
The film tackles, in a forceful way, the excessive dependence on technology. Imagining a world where communication is disrupted, transportation systems collapse, and access to information is lost reinforces the importance of preventive measures. Being prepared for crisis scenarios and minimizing the impacts of a potential large-scale cyberattack is a growing need.
Digital Inequality and the Impact of Cyberattacks: Mitigating Measures
Another relevant point that the film explores is digital inequality. Different layers of society are unequally affected in situations of technological crisis. To mitigate these impacts, experts highlight the need to promote digital literacy, make cybersecurity measures accessible, and foster collaboration between the public and private sectors.
Cybersecurity Best Practices for Critical Infrastructure
Defending critical infrastructure is a global priority and one of today's most pressing challenges.
Some of the key best practices include:
· Implement monitoring and threat detection systems;
· Develop business continuity plans;
· Segregate networks to prevent chain attacks;
· Collaborate with government agencies and other specialized organizations to strengthen digital resilience.
Cybersecurity has become a priority issue in today's world, where digital dependence continues to grow. The film "The World After Us" raises valuable reflections on the impacts of a large-scale cyberattack and reinforces the need for preventive actions. Securing digital systems requires cooperation between governments, businesses, and individuals, as well as continued investments in technology and education. Only through an integrated and proactive approach will it be possible to ensure a safer and more resilient digital environment for the future.
Umberto Rosti
CEO of Stefanini Cyber, a Stefanini Group company

Cyber Risks in Deglobalization: The New Digital Paradigm

We live in a time of increasing fragmentation of global trade relations, driven by geopolitical tensions. Trade disputes and the search for greater technological autonomy between nations are shaping a scenario of deglobalization.
This transformation not only poses economic challenges, but also redefines the cyber risk landscape, requiring innovative strategies adapted to regional particularities.
Deglobalization, intensified by the trade disputes between the US and China, has promoted digital protectionism, directly impacting the flow of transnational information. As a result, we observe a technological fragmentation: governments are implementing regulations that encourage local production and restrict the import of foreign technologies. Significant examples include the sanctions on Kaspersky, Huawei and, most recently, TikTok.
This movement has fostered the emergence of regional ecosystems, such as local datacenters and digital platforms customized to meet the specificities of each market.
However, this segmentation of infrastructure also expands the digital attack surface, introducing new threat vectors and increasing the risks of state-sponsored cyber espionage.
In this scenario, it is essential to understand how deglobalization is redesigning the cyber risk landscape. Increased reliance on local suppliers can introduce new points of vulnerability, while the reconfiguration of global supply chains increases the potential for security compromises across the network. At the same time, the regionalization of digital infrastructure imposes the need to adjust strategies to the specific nuances of each country or economic bloc.
These challenges become even more complex in the face of the advance of digital espionage, which directs efforts to strategic sectors such as technology, energy, and telecommunications, intensifying the global dispute for technological supremacy. In addition, the risk of cyberattacks targeting critical infrastructure is growing, increasing the pressure on governments and companies to strengthen their resilience.
To address these challenges, companies must take a regionalized and strategic approach to cybersecurity. This includes developing plans that align with local legislation, as well as forming partnerships with regional providers that specialize in incident monitoring and response. Strengthening resilience in the supply chain is equally important, involving regular audits of suppliers and strategic partners and the incorporation of stringent security requirements into contracts.
Compliance also emerges as an essential pillar in this scenario. Many countries are implementing and improving their National Cybersecurity Policies, as is the case of Brazil, which recently published its policy and instituted a dedicated regulatory agency. Companies that fail to comply with local or international regulations risk facing significant financial penalties and irreparable reputational damage. Constantly monitoring regulatory changes and investing in robust compliance programs are essential steps to ensure both safety and operational continuity.
Another vital aspect is the monitoring of geopolitical threats. Continuous analysis of regional risk trends and their impacts on the business allows for the preparation of agile and effective responses. In this context, rapid response teams become indispensable to mitigate localized attacks that may compromise critical operations, especially in the face of the expansion of the attack surface caused by more decentralized production chains.
A security-oriented organizational culture is essential. Promoting regular training for employees, focused on emerging risks and effective cyber practices, is one of the main factors to reduce internal vulnerabilities. At the same time, internal communication must reinforce digital security as a shared responsibility for the entire organization.
Despite the challenges posed by deglobalization, strategic opportunities also arise. Companies that invest in customized solutions and develop regional alliances can not only mitigate risks but also consolidate a differentiated position in the market. Building a resilient cybersecurity ecosystem, aligned with changing global dynamics, is becoming an indispensable competitive differentiator.
In the context of deglobalization, organizations need to reevaluate their strategies to protect their digital assets and ensure business continuity. This requires not only the implementation of effective measures, but also the clear and consistent communication of risks and mitigation plans to the board and other stakeholders, regardless of their location.
Umberto Rosti
CEO Brazil of Stefanini Cyber, a Stefanini Group company

Stefanini Cyber launches solution that monitors cyber risks in real time

The Cyber Risk Operating Center provides continuous protection for companies operating in industries such as finance, healthcare, government, services, and infrastructure
Businesses face an increasingly challenging digital environment, with cyber threats that require solutions beyond simple incident response. It is in this scenario that Stefanini Cyber, a Stefanini Group company specializing in cybersecurity, globally launches the Cyber Risk Operating Center (CROC), an innovative solution that monitors, quantifies and manages cyber risks automatically, continuously and in real time.
CROC emerges in a scenario of accelerated digital transformation and a significant increase in cyber threats, standing out for its constant and proactive approach. Unlike traditional solutions that focus on detection and response after incidents, CROC identifies and quantifies risks before they materialize.
Stefanini Cyber's solution is based on global standards such as NIST 800-030, NIST 800-060 and MITRE ATT&CK, and uses an advanced platform to capture telemetry from all of an organization's digital assets, allowing it to map vulnerabilities, identify threats and propose customized mitigation plans. In this way, it ensures that companies are prepared to prevent damage effectively. CROC also supports decision-making on how and where to invest in cybersecurity, in order to reduce the risk to the most sensitive digital assets.
Focusing on critical sectors such as finance, healthcare, government, and infrastructure, among other sectors, the solution directly meets the needs of CISOs, IT managers, and compliance, offering a seamless and reliable service for organizations looking to protect their assets in an ever-changing digital environment.
More than a detection tool, CROC differentiates itself by its genuinely proactive approach, developing and implementing effective mitigation plans based on the information collected. In this way, the solution protects companies and minimizes potential damage. Its simplification and efficiency are driven by the integration of advanced technologies, which directly serve professionals in the field, providing an agile and highly effective experience in cybersecurity management.
Among the main benefits of the solution is continuous monitoring, operating 24/7, with the ability to assess an organization's entire attack surface in real time. This platform provides detailed and immediate vulnerability analysis, allowing companies to maintain full visibility and control over their security environment.
Since its launch, the solution has attracted attention in the market, consolidating itself as an indispensable solution for companies looking to increase their digital security. "When we talk about cyberattacks, we know that they involve three stages: before, during and after an incident. What makes CROC so special is its ability to anticipate risks, going beyond traditional solutions. The tool helps companies prepare for an increasingly challenging scenario in digital security. These organizations need more than a quick response; they need to anticipate threats and act quickly to protect their assets and ensure the continuity of operations," explains Leidivino Natal, Global CEO of Stefanini Cyber.
"Listed companies, which deal with strict compliance and governance standards, find in the CROC a true ally. While many solutions on the market are limited to acting during or after an incident, we have gone further, anticipating risks and strengthening the security of companies before breaches happen, including using AI to identify paths that an attacker could use to attack the company. CROC not only protects sensitive data, but also ensures the continuity of operations, which is indispensable in such a dynamic business landscape. More than offering security, it brings peace of mind and confidence, allowing companies to focus on what really matters: growing and innovating safely," comments Luis Gustavo Pereira, Chief Strategy Officer Global at Stefanini Cyber.
