Generative AI Tools Help Criminals Launch More Sophisticated Attacks

Uploaded on 2023-08-04 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Hackers, FREE TO VIEW

Cyber attacks are continuing to increase in prevalence and sophistication. Indeed, today these attacks often use Artificial Intelligence (AI) tools to disrupt business operations, wipe out critical data, and cause reputational damage.

They pose an existential threat to businesses, critical services, and infrastructure. 

AI has been described as a ‘general purpose technology’. This means that, like electricity, computers and the Internet before it, AI is expected to have applications in every corner of society.

Today’s new wave of attacks is outsmarting and outpacing humans, and even starting to incorporate AI. What’s known as “offensive AI” will enable cyber criminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools.

The revolution of generative AI has sparked a paradigm shift in the field of AI, enabling machines to create and generate content with remarkable sophistication. 

Generative AI refers to the subset of AI models and algorithms that possess the ability to autonomously generate text, images, music, and even videos that mimic human creations. This groundbreaking technology has unlocked a multitude of creative possibilities, from assisting artists and designers to enhancing productivity in various industries. Generative AI has become very popular and is now being used by criminals for accelerate cyber attacks. 

Now, a new generative AI cyber crime tool called WormGPT has been advertised on underground forums as a way for adversaries to launch sophisticated phishing and Business Email Compromise (BEC) attacks.

 “The progression of Artificial Intelligence (AI) technologies, such as OpenAI’s ChatGPT, has introduced a new vector for business email compromise (BEC) attacks. ChatGPT, a sophisticated AI model, generates human-like text based on the input it receives. Cyber criminals can use such technology to automate the creation of highly convincing fake emails, personalised to the recipient, thus increasing the chances of success for the attack,”reformed hacker and security researcher Daniel Kelley wrote in a blog. 

Cyber criminals can use such technology to automate the creation of highly convincing fake emails, personalised to the recipient, thus increasing the chances of success for the attack.

The author of the software has described it as the "biggest enemy of the well-known ChatGPT" that "lets you do all sorts of illegal stuff."In the hands of a bad actor, tools like WormGPT could be a powerful weapon, especially as OpenAI ChatGPT and Google Bard are increasingly taking steps to combat the abuse of large language models (LLMs) to fake well-structured phishing emails and to create malicious code. "Bard's anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to those of ChatGPT," Check Point said in a recent report. "Consequently, it is much easier to generate malicious content using Bard's capabilities."

The fact that WormGPT operates without any ethical boundaries underscores the threat posed by generative AI, even permitting novice cyber criminals to launch attacks swiftly and at scale without having the technical know-how to do so.

Making matters worse, threat actors are promoting "jailbreaks" for ChatGPT, and inputs that are designed to manipulate the tool into generating output that could involve disclosing sensitive information, producing inappropriate content, and executing harmful code. "Generative AI can create emails with impeccable grammar, making them seem legitimate and reducing the likelihood of being flagged as suspicious," Kelley said.

"The use of generative AI democratises the execution of sophisticated BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a broader spectrum of cyber criminals."

Hacker News:    SlashNext:   CheckPoint:    Techmonitor:   CNBC:    Techopedia:    MIT Tech Review:

You Might Also Read: 

AI Will Be Disruptive - For Both Security & Jobs:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« A Database Tracking Maritime Cyber Attacks
Getting Your First Cyber Security Job  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Graphus

Graphus

Graphus provides a simple, powerful, automated solution that eliminates 99% of social engineering and spear phishing attacks against G Suite business Gmail users.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

Ecubel

Ecubel

Ecubel is the market leader in Belgium in buying and selling used IT harware guaranteed by a certified data erasure.

WiSecure Technologies

WiSecure Technologies

WiSecure Technologies aims to develop cryptographic products meeting requirements in the new economic era.

Norwest Venture Partners (NVP)

Norwest Venture Partners (NVP)

Norwest Venture Partners offer entrepreneurs a broad range of services to help them build their businesses at every stage of growth. Key sectors include AI, Infrastructure, SaaS and Security.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

Cirosec

Cirosec

Cirosec is a specialized company with a focus on information security. We carry out pentests & audits and advise our customers in the German-speaking countries on information and IT security issues.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

Amidas Hong Kong

Amidas Hong Kong

Amidas is your trusted companion on the road to Digital Transformation. We provide a full range of Information Technology Solutions and Professional Services to Enterprise customers.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

The IoT Academy

The IoT Academy

The IoT Academy is a reputed Ed-Tech Institute that provides training in emerging technologies such as embedded systems, the Internet of Things (IoT), Data Science and many more.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.

Seven AI

Seven AI

Seven AI develops cyber security software designed to identify online threats.