Generative artificial intelligence (AI) is all the rage these days, so why is this technology being repurposed by malicious actors to their advantage, enabling an accelerated path to cybercrime? is probably not surprising.
New generative AI cybercriminal tools will: Worm GPT is touted on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise (BEC) attacks.
“This tool acts as a black hat alternative to the GPT model and is specifically designed for malicious activity,” said security researcher Daniel Kelly. “Cybercriminals can use technology like this to automate the creation of highly persuasive fake emails that are customized to their recipients, increasing the chances of a successful attack.”
The author of this software describes it as “the biggest enemy of the famous ChatGPT”, which “allows all kinds of illegal activities”.
Malicious attacks, especially as OpenAI ChatGPT and Google Bard take steps to combat the exploitation of Large Language Models (LLMs) to forge compelling phishing emails to generate malicious code. In the hands of an attacker, a tool like WormGPT can be a powerful arsenal.
“Bard’s anti-abuse limits in the cybersecurity space are significantly lower than those of ChatGPT,” Check Point said in a report this week. “As a result, Bard’s capabilities make it much easier to generate malicious content.”
Earlier this year in February, an Israeli cybersecurity firm announced that cybercriminals could use its API to circumvent ChatGPT restrictions, trade stolen premium accounts, and use vast lists of email addresses and passwords. and sell brute force software to hack ChatGPT accounts. .
The fact that WormGPT operates without ethical boundaries underscores the threat posed by generative AI, even allowing novice cybercriminals to launch rapid and large-scale attacks without technical means. to
Shielding Against Insider Threats: Mastering SaaS Security Posture Management
Worried about insider threats? We’ve got you covered! Join us for this webinar to explore practical strategies and proactive security secrets using SaaS Security Posture Management.
join today
To make matters worse, threat actors are promoting ChatGPT “jailbreaks,” designing specialized prompts and inputs designed to manipulate the tool and produce output that can lead to sensitive information disclosure, non-disclosure May include creating appropriate content and executing harmful code.
“Generative AI can create emails with perfect grammar, making them appear legitimate and reducing the chances of them being marked as suspicious,” Kelly said.
“The use of generative AI democratizes the execution of sophisticated BEC attacks. Attackers with limited skills can use this technology, making it an accessible tool for a wider range of cybercriminals. ”
The disclosure saw Mithril Security researchers “surgically” modify an existing open-source AI model known as GPT-J-6B to spread disinformation and upload it to public repositories like Hugging Face. It was done in a way that allows it to be integrated into other applications. It’s called LLM Supply Chain Poisoning.
The success of this technology, called PoisonGPT, involves a lobotomized model being uploaded using a name spoofing a typosquatting version of a known company, in this case EleutherAI, the company behind GPT-J. prerequisites apply.
