Scroll Top

Unleashing WormGPT: the emergence of an AI weapon empowering cybercriminals in advanced cyber attacks

013MqtgYgIArewnrin15WeX-2

The rise of generative artificial intelligence (AI) has not only fascinated researchers but has also attracted the attention of malicious actors seeking to exploit this technology for their nefarious purposes. Recent findings reveal the emergence of WormGPT, a new generative AI cybercrime tool that is being advertised on underground forums as a means for adversaries to conduct sophisticated phishing and business email compromise (BEC) attacks. The tool automates the creation of highly convincing fake emails, personalized to the recipient, thereby increasing the success rate of such attacks.

The threat posed by WormGPT
WormGPT is presented as a blackhat alternative to legitimate generative AI models like GPT, specifically designed for malicious activities. Its capabilities allow cybercriminals to generate convincing phishing emails, raising concerns about the potential impact on victims and organizations. This development comes as OpenAI’s ChatGPT and Google’s Bard are implementing measures to combat the abuse of large language models for fabricating phishing emails and generating malicious code.

Bypassing restrictions
While OpenAI and Google are working to address abuses of large language models, security researchers warn that Bard, in particular, has lower anti-abuse restrictors in the realm of cybersecurity. This makes it easier for threat actors to generate malicious content using Bard’s capabilities. Earlier this year, Israeli cybersecurity firm Check Point highlighted how cybercriminals are circumventing ChatGPT’s restrictions, using its API to trade stolen premium accounts and sell brute-force software for hacking into ChatGPT accounts.

The threat of unethical use
WormGPT’s lack of ethical boundaries underscores the broader threat posed by generative AI. It grants even novice cybercriminals the ability to launch swift and large-scale attacks without requiring advanced technical knowledge. Adding to the concern is the promotion of “jailbreaks” for ChatGPT, allowing the manipulation of the tool to generate output that includes disclosing sensitive information, producing inappropriate content, and executing harmful code.

Democratizing cybercrime
Generative AI empowers cybercriminals by enabling the execution of sophisticated BEC attacks. The use of this technology democratizes cybercrime, as even attackers with limited skills can leverage its capabilities, making it accessible to a broader spectrum of threat actors.

Supply chain poisoning
In another development, researchers from Mithril Security have “surgically” modified an open-source AI model called GPT-J-6B, creating what is known as PoisonGPT. This technique involves uploading the altered model to public repositories, disguising it as a trusted entity such as EleutherAI. This act of supply chain poisoning has the potential to spread disinformation and could be integrated into various applications.

Conclusion
The emergence of WormGPT highlights the alarming misuse of generative AI in the cybercrime landscape. Its ability to generate convincing phishing emails poses a significant threat to individuals and organizations alike. As cybercriminals find ways to exploit the vulnerabilities of large language models, the need for enhanced security measures becomes paramount. Addressing the ethical concerns surrounding the use of generative AI is crucial to safeguarding against the democratization of cybercrime and protecting individuals and businesses from sophisticated attacks. Internetintelligence.eu continues to monitor these developments and provides crucial insights to combat emerging cyber threats effectively.

Related Posts

Leave a comment

You must be logged in to post a comment.
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.