Cyber security experts continue to warn that advanced chat-box, like ChatGPT, are making it easier for cyber criminals to craft phishing emails with pristine spelling and grammar. Every hacker can now use AI to deal with all misspellings and poor grammar. The idea that you can rely on looking for bad grammar or spelling or spot fishing attack is no longer the case. We used to say that you could identify phishing attacks because the emails look a certain way. That no longer works.
In Europol’s advisory report the organization highlighted a similar set of potential problems caused by the rise of AI chat bots including fraud and social engineering, disinformation, and cyber-crime.
The systems are also useful for helping would-be criminals through the actual steps required to harm others. The possibility to use the model to provide specific steps by asking contextual questions means it is significantly easier for malicious actors to better understand that subject subsequently carry out various types of crime. AI technology will be particularly useful for spearfishing emails. Even if someone said, don’t worry about ChatGPT, it’s going to be commercialized. Well in that game the genie is out of the bottle.
What we think is having an immediate impact on the threat landscape is that this type of technology is being used for better and more scalable social engineering: AI allows you to craft a very believable spearfishing emails and other written communications with very little effort, especially compared to what you had to do before.
What to do?
Examine the network to identify potential vulnerabilities and patch those vulnerabilities.
Apply security updates as soon as they are made available.
Segment your networks.
Be cautious if you receive any suspicious messages even from apparently official sources.
Don’t click before thoroughly reviewing the information to verify authenticity
What can you do when this happens to you?
If you find your network has been compromised, immediately shut down.
Identify the breach and type of virus or malware present.
Identify any data which might have been compromised or stolen and inform appropriate parties.
Rebuild the network from a known clean backup
Source. ‘Grim’ Criminal Abuse of ChatGPT is Coming, Europol Warns – SecurityWeek