Cyber Criminals Are Quick To Use ChatGPT 

ChatGPT has captured the Internet’s attention with millions using the technology to write poems, craft short stories, answer questions and even ask advice and now cyber criminals have begun using OpenAI’s artificially intelligent chatbot ChatGPT to quickly construct hacking tools. 

Norton has released its quarterly Consumer Cyber Safety Pulse Report which observes that cyber criminals have extended  the use of ChatGPT to create deepfake chatbots, phishing campaigns and malware.

OpenAI, a private company backed by Microsoft, made it available to the public for free in November. In addition to writing lures, ChatGPT can also generate code. 

Nortons research team have examined how cyber criminals can use artificial intelligence to create realistic and sophisticated threats. The latest report includes an analysis of how large language models can enhance criminal tactics. Amongst other exploits, cyber criminals are using  ChatGPT to generate malicious threats through its impressive ability to generate human-like text that adapts to different languages and audiences and in tis way criminals can quickly and easily craft email or social media phishing lures that are even more convincing, making it more difficult to tell what’s legitimate and what’s a threat.

ChatGPT can generate articles, essays, jokes, poetry and job applications in response to text prompts. It can respond to questions in a human-like manner and understand the context of follow-up queries much like in human conversations, as well as being able to compose longform pieces of writing if asked. 

Just as ChatGPT makes developers’ lives easier with its ability to write and translate source code, it can also make cyber criminals’ lives easier by making scams faster to create and more difficult to detect.

“I’m excited about large language models like ChatGPT, however, I’m also wary of how cyber criminals can abuse it...  We know cybercriminals adapt quickly to the latest technology, and we’re seeing that ChatGPT can be used to quickly and easily create convincing threats," Kevin Roundy, Senior Technical Director of Nortonn said.

As well as using ChatGPT for effective phishing, criminals can also use it to create deepfake chatbots which   can impersonate humans or legitimate sources, like a bank or government entity, to manipulate victims into disclosing personal information to gain access to sensitive information, steal money or commit fraud.

Norton's advice is to be suspicious and extremely cautious when engaging with unknown sources of possible risk: 

  • Avoid chatbots that don’t appear on a company’s website or app and being cautious of providing any personal information to someone you’re chatting with online
  • Take a moment to think before you click on links in response to unsolicited phone calls, emails or messages.
  • Update your security measures to make sure you have a  a leyer of security that goes beyond known malware recognition, such as behaviour detection and blocking.

The latest Pulse Report also revealed that throughout 2022, Norton thwarted over 3.5 billion threats, or around 9.6 million threats per day. In 2022, Norton blocked 90.9 million phishing attempts, 260.4 million file threats, 1.6 million mobile threats, 274 thousand ransomware attacks. Norton AntiTrack blocked over 3 billion trackers and fingerprinting scripts. In the last quarter alone, Norton blocked over 787.7 million threats, or around 8.5 million threats per day. From October through December 2022, Norton blocked 27 million phishing attempts, 49.4 million file threats, 770 thousand mobile threats, 46 thousand ransomware attacks. Norton AntiTrack blocked over 1 billion trackers and fingerprinting scripts.

OpenAI has put certain filters in place to prevent obvious requests for ChatGPT to construct malware with policy violation notifications, but hackers have already found ways around those safeguards. 

Techguide:    NZHerald:     Guardian:    Business Insider:     Forbes:    Analytic Insight:   ITBrief:     

You Might Also Read:

The Latest Artificial Intelligence Technologies:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« New US National Cyber Security Strategy
Detecting Digital Injection To Counter Deepfake Biometric Fraud  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

Tubitak

Tubitak

Tubitak is the scientific and technological research council of Turkey. Areas of research include information technology and security.

Kroll

Kroll

Kroll provides clients a way to build, protect and maximize value through our differentiated financial and risk advisory and intelligence.

Networkers

Networkers

Networkers is a global recruitment consultancy helping unite job-seekers and hiring companies across the technology industry.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

QSecure

QSecure

QSecure specializes in the provision of information security and risk management services.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

SlowMist

SlowMist

SlowMist is a blockchain ecosystem security company providing cybersecurity audits and protection for leading digital asset exchanges, crypto wallets, public chains, and smart contracts.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

OriginalMy

OriginalMy

OriginalMy is a cybersecurity startup, focussed on digital governance and information authentication. Its mission is to prove authenticity using state-of-the-art cryptography and blockchain technology

Cyber Coaching

Cyber Coaching

Cyber Coaching is a community for enhancing technical cyber skills, through unofficial certification training, cyber mentorship, and personalised occupational transition programs.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

CyberQP

CyberQP

CyberQP (formerly Quickpass Cybersecurity) provide Privileged Access Management built for MSPs. Our system is designed to reduce ransomware and social engineering attack risks.

Tutanota

Tutanota

Tutanota is the world’s first end-to-end encrypted mail service that encrypts the entire mailbox.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.