The Dark Side Of AI

Uploaded on 2023-03-10 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

Everyone is talking about Chat GPT, the acronym of Generative Chat Pre-trained Transformer, the free chatbot based on Artificial Intelligence created by OpenAI, the artificial intelligence research organisation that promotes the development of friendly AI - intelligences capable of contributing to the good of humanity.

By accessing their website, you can virtually converse with a "virtual person", an artificial intelligence programmed to answer any question, thanks to a sophisticated machine learning model with a high machine learning capability. But what are the risks that this Chatbot can entail?

ChatGPT has already attracted many cyber criminals, who in the first place have made almost identical copies of the site or app. Downloading those from official stores, and installing them in the phone, they can then spread malicious content.

The most serious problem, however, is that through specific and artfully built queries, Chat GPT is the perfect tool that, in the hands of an attacker, helps to create spear phishing attacks.

They are, in fact, hyper customised attacks, calibrated on the information that users, without realising it, share on their social accounts and through daily navigation on PCs and mobile. In this way, cyber criminals use AI to build deceptive content, created specifically for the person they are targeting.

To counter this growing and increasingly insidious phenomenon ERMES, the leading Italian cybersecurity firm, is developing an effective AI system.  According to ERMES, users accessing ChatGPT, will increasingly rely on third-party services and enabling technologies based on AI.

The ERMES tool enables them to use these safely, through application of filters that prevent user from sharing sensitive information such as email, passwords. 

"Chat GPT is the perfect tool which, in the hands of an attacker, helps him carry out what, in the cyber world, are called "spear phishing" attacks. These are personalised attacks, calibrated on the information that users share, without realising it, on their social accounts and through daily browsing on PCs and mobiles. In this way, cybercriminals use AI to build deceptive content, created ad hoc for the person they are addressing." says Lorenzo Asuni, Chief Marketing Officer at Ermes

Three Main Risk Factors Of Using ChatGBT

1.    The number one scam is the birth of phishing sites that exploit the hype on ChatGPT, already hundreds in recent weeks alone. Recognising them is not easy: they have similar domains, look almost identical to web pages or apps and often rely on non-existent integrations, creating duplicates of the service that steal the credentials of those who register.

2.    Spear phishing attacks become easier and more scalable with the rapid production of good quality and highly targeted Business Email Compromise (BEC) campaigns, sms (smishing) or advertising (malware), aimed at various types of fraud, including economic scams and theft of personal data and credentials.

3.    The requirement to share sensitive company information, with a continuous demand for content, answers and analysis. How does this happen? For example, with a simple "reply to this email" request, forgetting to exclude the email of the recipient or sender, which exposes names of customers and other business partners.

Business Email Compromise

A practical example demonstrates the risk to business email users. ChatGPT responds excellently to any content query, but this becomes particularly risky when used as part of a BEC attack. With BEC, attackers use a template to generate a deceptive email, which prompts a recipient to provide him with sensitive information.

With the help of ChatGPT, hackers have the ability to customise any communication, thus potentially having unique content for each email generated thanks to AI, making these attacks more difficult to recognise and detect.

Likewise, writing emails or building a copy of a phishing site can become easier without typos or unique formats, which today are often critical to differentiate these attacks from legitimate emails. The most alarming thing is that it becomes possible to add as many changes to the prompt as "make the email urgent", "emails with a high probability of recipients clicking the link" and so on.

"As regards the risks correlated to the use of tools such as ChatGPT, we can consider the extreme ease with which sensitive information and data of the company are shared today, in many cases without realising it, during requests made to these conversational engines... as phishing campaigns are underway as they use the hype around ChatGPT to clone its appearance or potential integrations and steal important data or user credentials." Lorenzo Asuni said.

You Might Also Read: 

Cyber Criminals Are Quick To Use ChatGPT:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Detecting Digital Injection To Counter Deepfake Biometric Fraud 
Keeping Up With The Increase In Phishing Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions is the manufacturer of the mobile device management solution Cortado MDM.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Smokescreen

Smokescreen

Smokescreen's IllusionBLACK employs deception technology to detect, deflect and defeat advanced hacker attacks.

Subgraph

Subgraph

Subgraph is an open source security company, committed to making secure and usable open source computing available to everyone.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

SoSafe

SoSafe

Modern awareness training that works. With memorable content on all areas of IT security, with measurable learning success and full data protection compliance.

Department of Justice & Equality - Cybercrime Division

Department of Justice & Equality - Cybercrime Division

The Cybercrime division is responsible for developing policy in relation to the criminal activity and coordinating a range of different cyber initiatives at national and international level.

OpenZeppelin

OpenZeppelin

OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Global Cyber Risk (GCR)

Global Cyber Risk (GCR)

Global Cyber Risk is a technology and advisory services firm that provides first tier cybersecurity services to both large corporations and small and mid-sized businesses.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

Cyber Security Canada

Cyber Security Canada

Cyber Security Canada is an accredited Certification Body for government-backed Cyber Security Certification Programs, designed specifically for small and medium-sized Canadian businesses.

Security Discovery

Security Discovery

Stay ahead of cyber threats with Security Discovery. We offer expert consulting, comprehensive services, and a powerful vulnerability monitoring SaaS platform.

InfoTrust

InfoTrust

InfoTrust is a leading specialised cybersecurity practice that combines a customer-first consulting approach with next-generation security solutions.