Cyber Criminals Are Quick To Use ChatGPT 

Uploaded on 2023-03-06 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

ChatGPT has captured the Internet’s attention with millions using the technology to write poems, craft short stories, answer questions and even ask advice and now cyber criminals have begun using OpenAI’s artificially intelligent chatbot ChatGPT to quickly construct hacking tools. 

Norton has released its quarterly Consumer Cyber Safety Pulse Report which observes that cyber criminals have extended  the use of ChatGPT to create deepfake chatbots, phishing campaigns and malware.

OpenAI, a private company backed by Microsoft, made it available to the public for free in November. In addition to writing lures, ChatGPT can also generate code. 

Nortons research team have examined how cyber criminals can use artificial intelligence to create realistic and sophisticated threats. The latest report includes an analysis of how large language models can enhance criminal tactics. Amongst other exploits, cyber criminals are using  ChatGPT to generate malicious threats through its impressive ability to generate human-like text that adapts to different languages and audiences and in tis way criminals can quickly and easily craft email or social media phishing lures that are even more convincing, making it more difficult to tell what’s legitimate and what’s a threat.

ChatGPT can generate articles, essays, jokes, poetry and job applications in response to text prompts. It can respond to questions in a human-like manner and understand the context of follow-up queries much like in human conversations, as well as being able to compose longform pieces of writing if asked. 

Just as ChatGPT makes developers’ lives easier with its ability to write and translate source code, it can also make cyber criminals’ lives easier by making scams faster to create and more difficult to detect.

“I’m excited about large language models like ChatGPT, however, I’m also wary of how cyber criminals can abuse it...  We know cybercriminals adapt quickly to the latest technology, and we’re seeing that ChatGPT can be used to quickly and easily create convincing threats," Kevin Roundy, Senior Technical Director of Nortonn said.

As well as using ChatGPT for effective phishing, criminals can also use it to create deepfake chatbots which   can impersonate humans or legitimate sources, like a bank or government entity, to manipulate victims into disclosing personal information to gain access to sensitive information, steal money or commit fraud.

Norton's advice is to be suspicious and extremely cautious when engaging with unknown sources of possible risk: 

  • Avoid chatbots that don’t appear on a company’s website or app and being cautious of providing any personal information to someone you’re chatting with online
  • Take a moment to think before you click on links in response to unsolicited phone calls, emails or messages.
  • Update your security measures to make sure you have a  a leyer of security that goes beyond known malware recognition, such as behaviour detection and blocking.

The latest Pulse Report also revealed that throughout 2022, Norton thwarted over 3.5 billion threats, or around 9.6 million threats per day. In 2022, Norton blocked 90.9 million phishing attempts, 260.4 million file threats, 1.6 million mobile threats, 274 thousand ransomware attacks. Norton AntiTrack blocked over 3 billion trackers and fingerprinting scripts. In the last quarter alone, Norton blocked over 787.7 million threats, or around 8.5 million threats per day. From October through December 2022, Norton blocked 27 million phishing attempts, 49.4 million file threats, 770 thousand mobile threats, 46 thousand ransomware attacks. Norton AntiTrack blocked over 1 billion trackers and fingerprinting scripts.

OpenAI has put certain filters in place to prevent obvious requests for ChatGPT to construct malware with policy violation notifications, but hackers have already found ways around those safeguards. 

Techguide:    NZHerald:     Guardian:    Business Insider:     Forbes:    Analytic Insight:   ITBrief:     

You Might Also Read:

The Latest Artificial Intelligence Technologies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« New US National Cyber Security Strategy
Detecting Digital Injection To Counter Deepfake Biometric Fraud  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

CONCERT

CONCERT

CONCERT is a Computer Emergency Response Team and cyber security information sharing network for companies, institutes and government in Korea.

Deep Instinct

Deep Instinct

Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

The ai Corporation

The ai Corporation

The ai Enterprise Fraud Solution is an on-prem or cloud-based self-service, machine learning fraud detection and prevention tool set.

Celerium

Celerium

Celerium transforms cyber defense for both companies and industry sectors by leveraging cyber threat intelligence to defend against cyber threats and attacks.

CONCORDIA

CONCORDIA

Concordia is a Cybersecurity Competence Network with leading research, technology, and competences to build the European Secure, Resilient and Trusted Ecosystem.

US Cyber Range

US Cyber Range

US Cyber Range is a scalable, cloud-hosted infrastructure providing students with virtual environments for realistic, hands-on cybersecurity labs and exercises.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

Cyway

Cyway

Cyway is a value-added cybersecurity distributor focusing on on-prem, cloud solutions and hybrid solutions, IoT, AI & machine learning IT security technologies.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

CyGlass

CyGlass

CyGlass simply and effectively identifies, detects, and responds to threats to your network without requiring any additional hardware, software, or people.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

Semgrep

Semgrep

Semgrep is a fast, open-source, static analysis tool for profoundly improving software security and reliability.

AUCloud

AUCloud

AUCloud is a leading Australian cyber security and secure cloud provider, specialising in supporting businesses and Governments with the latest cloud infrastructure.