Generative AI Tools Help Criminals Launch More Sophisticated Attacks

Cyber attacks are continuing to increase in prevalence and sophistication. Indeed, today these attacks often use Artificial Intelligence (AI) tools to disrupt business operations, wipe out critical data, and cause reputational damage.

They pose an existential threat to businesses, critical services, and infrastructure. 

AI has been described as a ‘general purpose technology’. This means that, like electricity, computers and the Internet before it, AI is expected to have applications in every corner of society.

Today’s new wave of attacks is outsmarting and outpacing humans, and even starting to incorporate AI. What’s known as “offensive AI” will enable cyber criminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools.

The revolution of generative AI has sparked a paradigm shift in the field of AI, enabling machines to create and generate content with remarkable sophistication. 

Generative AI refers to the subset of AI models and algorithms that possess the ability to autonomously generate text, images, music, and even videos that mimic human creations. This groundbreaking technology has unlocked a multitude of creative possibilities, from assisting artists and designers to enhancing productivity in various industries. Generative AI has become very popular and is now being used by criminals to accelerate cyber attacks.

Now, a new generative AI cyber crime tool called WormGPT has been advertised on underground forums as a way for adversaries to launch sophisticated phishing and Business Email Compromise (BEC) attacks.

“The progression of Artificial Intelligence (AI) technologies, such as OpenAI’s ChatGPT, has introduced a new vector for business email compromise (BEC) attacks. ChatGPT, a sophisticated AI model, generates human-like text based on the input it receives. Cyber criminals can use such technology to automate the creation of highly convincing fake emails, personalised to the recipient, thus increasing the chances of success for the attack,” reformed hacker and security researcher Daniel Kelley wrote in a blog.

The author of the software has described it as the "biggest enemy of the well-known ChatGPT" that "lets you do all sorts of illegal stuff." In the hands of a bad actor, tools like WormGPT could be a powerful weapon, especially as OpenAI ChatGPT and Google Bard are increasingly taking steps to combat the abuse of large language models (LLMs) to fake well-structured phishing emails and to create malicious code.

"Bard's anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to those of ChatGPT," Check Point said in a recent report. "Consequently, it is much easier to generate malicious content using Bard's capabilities."

The fact that WormGPT operates without any ethical boundaries underscores the threat posed by generative AI, even permitting novice cyber criminals to launch attacks swiftly and at scale without having the technical know-how to do so.

Making matters worse, threat actors are promoting "jailbreaks" for ChatGPT and inputs that are designed to manipulate the tool into generating output that could involve disclosing sensitive information, producing inappropriate content, and executing harmful code.

"Generative AI can create emails with impeccable grammar, making them seem legitimate and reducing the likelihood of being flagged as suspicious," Kelley said.

"The use of generative AI democratises the execution of sophisticated BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a broader spectrum of cyber criminals."

Sources: Hacker News; SlashNext; Check Point; Techmonitor; CNBC; Techopedia; MIT Tech Review
