{"id":95498,"date":"2023-07-19T07:06:00","date_gmt":"2023-07-19T07:06:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=95498"},"modified":"2023-07-19T07:06:00","modified_gmt":"2023-07-19T07:06:00","slug":"cyber-criminal-ai-tool-wormgpt-produces-unsettling-results","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=95498","title":{"rendered":"Cyber criminal AI tool WormGPT produces \u2018unsettling\u2019 results"},"content":{"rendered":"
<\/div>\n

A generative AI tool<\/a> called WormGPT that operates without the ethical boundaries or hard-coded limitations of legitimate services such as OpenAI\u2019s ChatGPT or Google Bard is being sold right now to cyber criminal operators on the dark web, it has emerged.<\/p>\n

The existence of the tool was uncovered by researchers at email security specialist SlashNext<\/a> and former black hat hacker Daniel Kelley, who gained access to the tool and used it to conduct tests focusing on business email compromise (BEC) attacks<\/a>. He said WormGPT produced \u201cunsettling\u201d results.<\/p>\n

\u201cWormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks,\u201d he wrote.<\/p>\n

Kelley warned that the experiment he conducted highlighted the degree of threat posed by generative AI technologies, even in the hands of relative novices.<\/p>\n

WormGPT appears to have been developed specifically for malicious use cases and is based on the GPTJ large language model<\/a> (LLM) released two years ago. It also appears to have been specifically trained on datasets related to malware, although this is not fully confirmed.<\/p>\n

According to Kelley and the SlashNext team, it includes features such as unlimited character support, memory retention and code-formatting capability.<\/p>\n

In forum screengrabs shared by SlashNext, WormGPT\u2019s supposed creator \u2013 who described it as \u201cthe biggest enemy\u201d of ChatGPT \u2013 said their project \u201clets you do all sorts of illegal stuff and easily sell it online in the future\u201d.<\/p>\n

They added: \u201cEverything black hat related that you can think of can be done with WormGPT, allowing anyone access to malicious activity without ever leaving the comfort of their home.\u201d<\/p>\n

While few of the often alarmist claims<\/a> about the potentially malicious capabilities of generative AI tools have come to fruition, cyber security experts have generally agreed that one of the most immediate cyber criminal use cases for tools like ChatGPT centres on generating convincing lures<\/a>.<\/p>\n

In this regard, the development of the WormGPT tool appears to be a logical next step. ESET<\/a> cyber security advisor Jake Moore said: \u201cIt was inevitable that a competitor platform [to ChatGPT] would soon take advantage of using the technology for illicit gain.\u201d <\/p>\n

\n

\u201cWormGPT has the power of an LLM behind it, enabling emails to be sent without mistakes. This takes phishing to a new level\u201d <\/figure>
Kevin Curran, IEEE & Ulster University<\/strong> <\/figcaption><\/i> <\/p>\n<\/blockquote>\n

IEEE<\/a> senior member and Ulster University<\/a> professor of cyber security Kevin Curran<\/a> said there was no doubt that WormGPT would make it easier for nefarious actors to launch cyber attacks.<\/p>\n

\u201cA tool called Metasploit<\/a> has existed for many years and allows phishing emails to be sent out en masse, but a common problem has always been poor grammar and spelling mistakes, and typos are a key indicator of spam mail,\u201d said Curran. \u201cWormGPT has the power of an LLM behind it, enabling emails to be sent without mistakes. This takes phishing to a new level. The emails produced will be super realistic and adopt increasingly compelling topics, which helps cyber criminals lure users to click on links within emails or download malware.<\/p>\n

\u201cRecently, LLMs have also been used to auto-generate fake landing pages, which can lead to people handing over their passwords or other personal information. WormGPT is still lacking a modern interface and many necessary features for business email compromise, but hacking tools generally get better so it may only be a matter of time. Any tool which makes hacking easier is a worry to all of us.\u201d<\/p>\n

\n

<\/i>First steps for defenders<\/h3>\n

With WormGPT already at large in the wild \u2013 possibly for a few months at this point \u2013 defenders can get out in front of the danger it poses with a few simple steps, the most immediately useful being to double down on anti-phishing education and training across the workforce.<\/p>\n

\u201cAI chat tools create a powerful tool, but we are wandering into the next phase, which casts a dark cloud over the technology as a whole,\u201d said ESET\u2019s Moore.<\/p>\n

\u201cAwareness is becoming more desperate than ever, plus even more layers of security are required for even the simplest of tasks to mitigate risk. Counter technology is still not powerful enough to tackle it digitally so the onus falls on the end users to protect themselves where they can for now and the immediate future.\u201d<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

A generative AI tool called WormGPT that operates without the ethical boundaries or hard-coded limitations of legitimate services such as OpenAI\u2019s ChatGPT or Google Bard is being sold right now to cyber criminal operators on the dark web, it has emerged. The existence of the tool was uncovered by researchers at email security specialist SlashNext […]<\/p>\n","protected":false},"author":1,"featured_media":95499,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-95498","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95498","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=95498"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/95498\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/95499"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=95498"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=95498"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=95498"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}