Generative AI Tools Help Criminals Launch More Sophisticated Attacks

Uploaded on 2023-08-04 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Hackers, FREE TO VIEW

Cyber attacks are continuing to increase in prevalence and sophistication. Indeed, today these attacks often use Artificial Intelligence (AI) tools to disrupt business operations, wipe out critical data, and cause reputational damage.

They pose an existential threat to businesses, critical services, and infrastructure. 

AI has been described as a ‘general purpose technology’. This means that, like electricity, computers and the Internet before it, AI is expected to have applications in every corner of society.

Today’s new wave of attacks is outsmarting and outpacing humans, and even starting to incorporate AI. What’s known as “offensive AI” will enable cyber criminals to direct targeted attacks at unprecedented speed and scale while flying under the radar of traditional, rule-based detection tools.

The revolution of generative AI has sparked a paradigm shift in the field of AI, enabling machines to create and generate content with remarkable sophistication. 

Generative AI refers to the subset of AI models and algorithms that possess the ability to autonomously generate text, images, music, and even videos that mimic human creations. This groundbreaking technology has unlocked a multitude of creative possibilities, from assisting artists and designers to enhancing productivity in various industries. Generative AI has become very popular and is now being used by criminals for accelerate cyber attacks. 

Now, a new generative AI cyber crime tool called WormGPT has been advertised on underground forums as a way for adversaries to launch sophisticated phishing and Business Email Compromise (BEC) attacks.

 “The progression of Artificial Intelligence (AI) technologies, such as OpenAI’s ChatGPT, has introduced a new vector for business email compromise (BEC) attacks. ChatGPT, a sophisticated AI model, generates human-like text based on the input it receives. Cyber criminals can use such technology to automate the creation of highly convincing fake emails, personalised to the recipient, thus increasing the chances of success for the attack,”reformed hacker and security researcher Daniel Kelley wrote in a blog. 

Cyber criminals can use such technology to automate the creation of highly convincing fake emails, personalised to the recipient, thus increasing the chances of success for the attack.

The author of the software has described it as the "biggest enemy of the well-known ChatGPT" that "lets you do all sorts of illegal stuff."In the hands of a bad actor, tools like WormGPT could be a powerful weapon, especially as OpenAI ChatGPT and Google Bard are increasingly taking steps to combat the abuse of large language models (LLMs) to fake well-structured phishing emails and to create malicious code. "Bard's anti-abuse restrictors in the realm of cybersecurity are significantly lower compared to those of ChatGPT," Check Point said in a recent report. "Consequently, it is much easier to generate malicious content using Bard's capabilities."

The fact that WormGPT operates without any ethical boundaries underscores the threat posed by generative AI, even permitting novice cyber criminals to launch attacks swiftly and at scale without having the technical know-how to do so.

Making matters worse, threat actors are promoting "jailbreaks" for ChatGPT, and inputs that are designed to manipulate the tool into generating output that could involve disclosing sensitive information, producing inappropriate content, and executing harmful code. "Generative AI can create emails with impeccable grammar, making them seem legitimate and reducing the likelihood of being flagged as suspicious," Kelley said.

"The use of generative AI democratises the execution of sophisticated BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a broader spectrum of cyber criminals."

Hacker News:    SlashNext:   CheckPoint:    Techmonitor:   CNBC:    Techopedia:    MIT Tech Review:

You Might Also Read: 

AI Will Be Disruptive - For Both Security & Jobs:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« A Database Tracking Maritime Cyber Attacks
Getting Your First Cyber Security Job  »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

National Security Authority (NBU) - Slovakia

National Security Authority (NBU) - Slovakia

The National Security Authority (NBU) is the central government body in Slovakia for the Protection of Classified Information, Cryptographic Services, Trust Services and Cyber Security.

VerSprite

VerSprite

VerSprite is a specialist information security consulting firm. We provide organizations with detection across all their attack surfaces and deliver critical insight into all possible attack methods.

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

Armis

Armis

Armis offers the markets leading asset intelligence platform designed to address the new threat landscape that connected devices create.

Dice

Dice

Dice is a leading recruitment platform, helping technology professionals manage their careers and employers connect with highly skilled tech talent in specialist areas including cybersecurity.

Westminster Insight - Cyber Security Conference

Westminster Insight - Cyber Security Conference

Join colleagues this December for Westminster Insight’s Cyber Security Conference, as you’ll assess how new technologies such as AI can secure your organisation against future threats.

PixelPlex

PixelPlex

PixelPlex is a blockchain and custom software development company with offices and developers in New York, Geneva, and Seoul.

North American International Cyber Summit

North American International Cyber Summit

The North American International Cyber Summit brings together experts from around the globe to provide timely content and address a variety of cybersecurity issues impacting the world.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center (NCSC) - Vietnam

National Cyber Security Center of Vietnam has a central monitoring function and is a technical focal point for monitoring and supporting information security for people, businesses and systems.

Core to Cloud

Core to Cloud

Core to Cloud provide consultancy and technical support for the planning and implementation of sustainable security strategies.

ProArch

ProArch

ProArch is a global team of multidisciplinary experts in cloud, infrastructure, data analytics, cybersecurity, compliance, and software development.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.

Teal

Teal

Teal provides exceptional managed IT solutions for small- to medium-sized organizations that value real partnerships and elevated security.

Two Candlesticks

Two Candlesticks

Two Candlesticks is a global cybersecurity service provider delivering high level consultancy, strategy, and frameworks to governments, regulators and midsized companies.

BeckTek

BeckTek

BeckTek specialize in IT Cyber Security & Support, helping clients run their businesses faster, easier and more profitably.