WormGPT, a generative AI tool, has emerged as a powerful weapon in the hands of cybercriminals, especially for launching business email compromise (BEC) attacks, according to new findings shared by security firm SlashNext.
“We are currently seeing a disturbing trend among cybercriminals on forums, evident in discussion threads that offer ‘jailbreaking’ of interfaces such as ChatGPT,” writes security expert Daniel Kelly, who worked with the SlashNext team on this research.
From a technical point of view, these “jailbreaks” are special prompts that are becoming more and more common, Kelly said.
“These are carefully designed to manipulate interfaces like ChatGPT to produce output that may involve disclosing sensitive information, creating inappropriate content, or even executing harmful code. It refers to input created in ,” said the security researcher.
“The prevalence of such behavior underscores the growing challenge of maintaining AI security in the face of determined cybercriminals.”
Kelly also highlighted the benefits that generative AI offers for BEC attacks, such as perfecting email grammar to reduce suspicion. The lower barrier to entry democratizes the use of this technology by allowing cybercriminals with limited skills to carry out sophisticated attacks.
For more information on AI-based attacks, see ChatGPT Creates Polymorphic Malware.
“Not only does correct grammar make emails more persuasive, but the near-easy creation of emails lowers the barrier to entry for would-be criminals,” said Timothy Morris, Chief Security Advisor at Tanium. “It goes without saying that since language is no longer an obstacle, we can increase the pool of potential victims.”
Experts believe that organizations need to take strong precautions to protect themselves from AI-powered BEC attacks.
This includes developing extensive training programs to educate employees about AI-enhanced BEC threats, implementing a rigorous email verification process, and leveraging systems to flag potentially malicious emails.
“Existing effective security awareness and behavior change programs protect against AI-enhanced phishing attacks,” explains Mika Aalto, co-founder and CEO of Hoxhunt.
“Be sure to focus on your employees and their email behavior in your overall cybersecurity strategy, because that is what adversaries are doing with new AI tools.”
SlashNext’s findings come days after Kaspersky revealed a new malicious campaign that relied on email attacks targeting cryptocurrency wallets.