Skip to main content

Watch out - ChatGPT is being used to create malware

Web Hosting & Remote IT Support

The world's most popular chatbot, ChatGPT, is having its powers harnessed by threat actors to create new strains of malware.

Cybersecurity firm WithSecure has confirmed that it found examples of malware created by the notorious AI writer in the wild. What makes ChatGPT particularly dangerous is that it can generate countless variations of malware, which makes them difficult to detect. 

Bad actors can simply give ChatGPT examples of existing malware code, and instruct it to make new strains based on them, making it possible to perpetuate malware without requiring nearly the same level of time, effort and expertise as before. 

For good and for evil

The news comes as talk of regulating AI abounds, to prevent it from being used for malicious purposes. There was essentially no regulation governing ChatGPT's use when it launched to a frenzy in November last year, and within a month, it was already hijacked to write malicioius emails and files

There are certain safeguards in place internally within the model that are meant to stop nefarious prompts from being carried out, but there are ways threat actors can bypass these.

read more

> Hackers are using ChatGPT to write malware

> Fake ChatGPT apps are being used to push malware

> Is ChatGPT becoming a serious security risk for your business?

Juhani Hintikka, CEO at WithSecure, told Infosecurity that AI has usually been used by cybersecurity defenders to find and weed out malware created manually by threat actors. 

It seems that now, however, with the free availability of powerful AI tools like ChatGPT, the tables are turning. Remote access tools have been used for illicit purposes, and now so too is AI. 

Tim West, head of threat intelligence at WithSecure added that “ChatGPT will support software engineering for good and bad and it is an enabler and lowers the barrier for entry for the threat actors to develop malware.”

And the phishing emails that ChatGPT can pen are usually spotted by humans, as LLMs become more advanced, it may become more difficult to prevent falling for such scams in the neat future, according to Hintikka.

What's more, with the success of ransomware attacks increasing at a worrying rate, threat actors are reinvesting and becoming more organized, expanding operations by outsourcing and further developing their understanding of AI to launch more successful attacks.

Hintikka concluded that, looking at the cybersecurity landscape ahead, "This will be a game of good AI versus bad AI."



via Hosting & Support
Labels:

Comments

Post a Comment

Web Hosting
Remote IT Support
Sites & Socials
Computing Handbook - $9.95

Popular posts from this blog

This new malware campaign can hijack your Gmail or Outlook email account

Web Hosting & Remote IT Support Cybersecurity researchers from Cisco Talos have spotted a new hacking campaign they claim is targeting victims’ sensitive data, login credentials, and email inboxes. Horabot is described as a botnet that has been active for almost two and a half years now (first spotted in November 2020). During that time, it’s mostly been tasked with distributing a banking trojan and spam malware .  Its operators seem to be located in Brazil, while its victims are Spanish-speaking users located mostly in Mexico, Uruguay, Venezuela Brazil, Panama, Argentina, and Guatemala. Horabot botnet The victims are found in different industries, from investment firms to wholesale distribution, from construction to engineering, and accounting. The attack starts with an email message carrying a malicious HTML attachment. Ultimately, the victim is urged to download a .RAR archive, which holds the banking trojan.  The malware is capable of doing plenty of things: stealing l
Post a Comment
Read more

Want to store 1PB of data in the cloud? This startup can do it for you for as little as $10,000 a month — Qumulo says it can scale to Exabytes off premise and wants to eradicate tapes once and for all

Web Hosting & Remote IT Support Qumulo has launched Azure Native Qumulo Cold (ANQ Cold), which it claims is the first truly cloud-native, fully managed SaaS solution for storing and retrieving infrequently accessed “cold” file data. Fully POSIX-compliant and positioned as an on-premises alternative to tape storage, ANQ Cold can be used as a standalone file service, a backup target for any file store, including on-premises legacy scale-out NAS, and it can be integrated into a hybrid storage infrastructure, enabling access to remote data as if it were local. It can also scale to an exabyte-level file system in a single namespace. “ANQ Cold is an industry game changer for economically storing and retrieving cold file data,” said Ryan Farris, VP of Product at Qumulo. “To put this in perspective with a common use case, hospital IT administrators in charge of PACS archival data can use ANQ Cold for the long-term retention of DICOM images at a fraction of their current on-premises leg
Post a Comment
Read more

No light without dark : making the most of ‘shadow IT’

Web Hosting & Remote IT Support In the last few decades, technology has created a modern digital workforce that is technically skilled and adept at finding innovative solutions that would help them succeed at work. However, with 95% of employees struggling with digital friction in the workplace - including a lack of access to the right tools - ambitious employees who are hungry for results have often needed to explore fixes outside the scope of existing systems provided by their employers. On top of that, the popularity of cloud-based apps has resulted in business processes often ending up fragmented across various systems, requiring workers to devote time to manual maintenance. This has accelerated the spread of (the unnecessarily ominous sounding) ‘shadow IT’, or applications that savvy workers use without official authorization to help them bypass limitations and get work done. In a perfect world, a balance can be struck between giving these technically skilled workers freed
Post a Comment
Read more