Date: 2023-07-16

With generative AI becoming quite the rage lately, it’s no surprise that the technology has been repurposed by cybercriminals for their own benefit, opening avenues for cybercrimes to accelerate. Let’s talk about WormGPT, but let’s go in order.

What is WormGPT?

A generative AI cybercrime tool called WormGPT has been advertised on underground forums as a way for adversaries to launch sophisticated phishing and business email compromise (BEC) attacks, according to SlashNext.

“This tool is presented as a blackhat alternative to GPT templates, designed especially for malicious activities,” said security researcher Daniel Kelley. “Cybercriminals can use this technology to automate the creation of highly convincing spoofed emails that are personalized to the recipient, thus increasing the chances of a successful attack.”

The software’s author described it as the “biggest enemy of the well-known ChatGPT” and said that “it lets you do all sorts of illegal activities”.

In the hands of not-so-well-meaning people, tools like WormGPT could be a powerful weapon, especially as OpenAI’s ChatGPT and Google Bard are taking more and more steps to combat the abuse of large language models (LLMs) to fabricate convincing phishing emails and generate harmful code.

“Bard’s cybersecurity abuse limiters are significantly lower than those of ChatGPT,” stated Check Point, an Israeli cybersecurity firm, in a report this week. “As a result, it is much easier to generate malicious content using Bard’s capabilities.”

In early February this year, the Israeli cybersecurity firm revealed how cybercriminals are bypassing ChatGPT restrictions by taking advantage of its APIs, not to mention trading in stolen premium accounts and selling brute-force software to hack ChatGPT accounts using huge lists of email addresses and passwords.

The fact that WormGPT operates without any ethical boundaries underscores the threat posed by generative AI, allowing even novice cybercriminals to launch large-scale and rapid attacks without having the technical expertise to do so.

Making matters worse, bad actors are promoting “jailbreaks” for ChatGPT: specialized prompts and inputs designed to manipulate the tool into generating output that might involve disclosing sensitive information, producing inappropriate content, and executing malicious code.

“Generative AI can craft emails with flawless grammar, making them appear legitimate and reducing the likelihood of being flagged as suspicious,” Kelley said.

“The use of generative AI democratizes the execution of sophisticated BEC attacks. Even attackers with limited skills can use this technology, making it an accessible tool for a wider range of cybercriminals.”

The disclosure comes as Mithril Security researchers “surgically modified” an existing open-source AI model known as GPT-J-6B to spread disinformation and uploaded it to a public repository like Hugging Face, from where it could then be integrated into other applications, leading to what is referred to as LLM supply chain poisoning.

The success of the technique, called PoisonGPT, is based on the assumption that the “cracked” model is uploaded under a name impersonating a known company, in this case a typosquatted version of EleutherAI, the company behind GPT-J.
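Because the technique depends on a consumer pulling the model from a lookalike publisher namespace, one defensive control is to vet the `org/model` identifier before anything is downloaded. The following Python check is an added example, not code from the article or from Mithril Security; the allowlist contents, the `example-corp` name, the confusable-character table and the lookalike spellings in the comments are constructed assumptions.

```python
import unicodedata

# Assumption: publisher namespaces this organization has approved.
TRUSTED_ORGS = {"EleutherAI", "example-corp"}

# Characters often swapped to build lookalike names (constructed, not exhaustive).
CONFUSABLES = str.maketrans(
    {"0": "o", "1": "l", "i": "l", "5": "s", "-": "", "_": "", ".": ""}
)


def skeleton(name: str) -> str:
    """Fold a name so visually similar spellings collapse to one form."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return folded.translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_repo(repo_id: str, trusted=TRUSTED_ORGS, max_dist: int = 2):
    """Return (verdict, matched_org) for an 'org/model' repository id."""
    org, sep, model = repo_id.partition("/")
    if not sep or not org or not model:
        return ("reject", None)        # no explicit publisher namespace
    if org in trusted:
        return ("trusted", org)        # exact, case-sensitive match only
    for good in sorted(trusted):
        same_look = skeleton(org) == skeleton(good)
        near_miss = edit_distance(org.casefold(), good.casefold()) <= max_dist
        if same_look or near_miss:
            return ("lookalike", good)  # imitates a trusted name: block and alert
    return ("unknown", None)           # not allowlisted: review before use


# Constructed inputs: "EleutherAl" ends in a lowercase L, "EleutherrAI" doubles the r.
if __name__ == "__main__":
    for rid in ("EleutherAI/gpt-j-6b", "EleutherAl/gpt-j-6b",
                "EleutherrAI/gpt-j-6b", "some-lab/gpt-j-6b"):
        print(rid, classify_repo(rid))
```

A name check like this only covers the impersonation step; pinning the model to a specific revision and verifying file hashes addresses tampering under a legitimate name.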

Considerations

As technologies like ChatGPT and Bard try to combat the abuse of large language models, tools like WormGPT are emerging that exploit this same technology for malicious purposes, and they certainly won’t be the last.

It is imperative that the cybersecurity community and AI developers work together to develop effective countermeasures against generative attacks; it is therefore necessary to establish tighter restrictions, limit access, and raise awareness of the potential threats associated with such tools.

Additionally, users and businesses need to be aware of these new threats and take appropriate security measures, such as phishing awareness education, implementation of multi-factor authentication, and thorough verification of suspicious emails.

The race for generative AI offers unprecedented opportunities for innovation, but it is at the same time a great risk in many sectors (though this should be analyzed elsewhere), and we have to face the negative consequences it entails. Only through collaboration and the adoption of preventive measures can we ensure a safer digital future and protect people from the harmful consequences of cybercriminals who exploit these technologies.