Is ChatGPT a threat to cybersecurity now being used by hackers? Experts from the cyber research arm of Check Point say yes.
ChatGPT (Generative Pre-trained Transformer) is a chatbot that was launched by OpenAI in November 2022. Chatbot.com explains that a chatbot is software that simulates human-like conversations with users via chat. Its key task is to answer user questions with instant messages. OpenAI is an artificial intelligence (AI) research laboratory run by the for-profit corporation OpenAI LP and its parent company, the non-profit OpenAI Inc.
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at office@jewishbusinessnews.com.
Thank you.
So, what does it do? Well, it helps organizations by automating aspects of their client relations services.
The software’s makers say ChatGPT interacts in a conversational way. The dialogue format makes it possible for ChatGPT to answer follow-up questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests. ChatGPT is a sibling model to InstructGPT, which is trained to follow instruction in a prompt and provide a detailed response. This allows people to devote more of their time to less mundane tasks.
But as with any such technology, there is always a risk that it could be used by hackers.
According to Check Point, ChatGPT successfully conducted a full infection flow, from creating a convincing spear-phishing email to running a reverse shell, capable of accepting commands in English. The question at hand is whether this is just a hypothetical threat or if there are already threat actors using OpenAI technologies for malicious purposes.
CPR’s analysis of several major underground hacking communities shows that there are already first instances of cybercriminals using OpenAI to develop malicious tools. As we suspected, some of the cases clearly showed that many cybercriminals using OpenAI have no development skills at all. Although the tools that we present in this report are pretty basic, it’s only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad.
Check Point showed how some hackers have already successfully used ChatGPT to spread malware and other malicious programs.
CPR said that basically, the jury is still out on how dangerous this new software may be. “It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for participants in the Dark Web,” it said. “However, the cybercriminal community has already shown significant interest and are jumping into this latest trend to generate malicious code. CPR will continue to track this activity throughout 2023.”
