Gone Phishing: Glass Industry Can Be Caught in Scams Easily

Surely, you’ve noticed them: meticulously crafted emails that appear as urgent calls to action or legitimate requests from reputable people or popular organizations. You might even be tempted to click on them, much to the horror of your information technology department. However, before you do, it’s good policy to ask before you open.

That’s because phishing emails can be a way for criminals to access privileged data— by luring us into replying with sensitive information, clicking on malicious links or downloading malware-laden attachments. Once attackers have your information, they can access your email, banking or other accounts.

These cyber-attacks happen to companies worldwide daily. In fact, an attack involved a glass company recently in Los Angeles on May 4, 2023. Glasswerks LA Inc., a custom glass fabricator, announced on behalf of chief financial officer Michael Torres that the company was the victim of a cyber-attack.

According to Torres, the company discovered on April 26, 2023, that an unknown individual had gained unauthorized access to its computer network. As in nearly all cyber-attack cases, determining the identity or location of an attacker is incredibly difficult because there’s no physical evidence to collect.

The individual was able to access Glasswerks’ email program, allowing them to “segregate their email activity on our system with the intention of avoiding detection,” explains Torres.

The attacker then sent out emails that appeared to come from Glasswerks using a former employee’s email address.

“We believe this actually started on March 7, 2023, but since the detection of this unauthorized activity, we have taken every measure to stop it as of the date this was discovered,” says Torres. “We have evidence that this unauthorized person was trying to purchase laptop computers and computer hardware in large quantities wrongfully utilizing the Glasswerks name as the purchaser with a former employee as the alleged authorized purchasing agent.”

The Glasswerks case is a cautionary tale to all glass and glazing companies. Every company, big or small, is now a target. And with the rise of artificial intelligence (AI), such as ChatGPT, the attacks will only become more sophisticated, experts suggest.

Turning to the Dark Side

“From a bad actor’s perspective, ChatGPT is the new crypto,” says Guy Rosen, Meta’s chief information security officer. This means that scammers have moved to exploit interest in the technology. Meta revealed in a security report that in March alone, it had blocked the sharing of more than 1,000 malicious web addresses that claimed to be linked to ChatGPT.

ChatGPT and related chatbots enable unskilled hackers to begin dabbling in cybercrimes, reports CyberHoot, a security awareness training platform. The program can create convincing phishing attack emails and find vulnerabilities in computer systems. CyberHoot says ChatGPT can write malware and spear-phishing emails in any language.

To counter this threat, CyberHoot explains that companies must prevent vulnerability exploits, such as scanning internet-facing devices daily, providing employee awareness training, conducting phishing testing and ensuring your company has ironclad authentication processes.

Catching the Fed’s Attention

The threat of AI’s use in hacking has even caught the federal government’s attention. The White House recently stated it would support a mass hacking exercise at the Defcon security conference this summer to probe generative AI systems. The National Science Foundation also announced $140 million in funding to launch seven new National AI Research Institutes. The focus will be to develop ethical, transformative AI for the public good.

For glass and glazing companies, vigilance is key. According to Brad Spiess, vice president of Union Insurance Group, the construction industry is the third most common industry targeted by hackers.

Spiess told attendees at the 2023 North American Iron Workers / Ironworker Management Progressive Action Cooperative Trust conference in February that cyberattacks will increase. And due to the increasingly advanced nature of AI programs, it will only become easier for hackers to exploit companies and individuals.

To view the laid-in version of this article in our digital edition, CLICK HERE.