Check Point: ChatGPT generates malicious emails and Codes

Check Point Research (CPR) warns of the possibility of hackers using the Chat GPT and his Codex OpenAI to carry out targeted and effective cyber attacks. To demonstrate the above, CPR used ChatGPT and Codex to generate malicious emails, code and a complete infection chain capable of targeting computers. openai

CPR documents its position in a new publication with examples of what has been created, underscoring the importance of vigilance as the development of AI technologies such as ChatGPT can significantly change the cyber threat landscape.

CPR used ChatGPT to create a phishing email impersonating the hosting company
CPR repeated the process with ChatGPT to improve a phishing email to facilitate the infection chain
CPR used ChatGPT to generate VBA code to embed in an Excel document

Check Point Research (CPR) used ChatGPT to create malicious phishing emails and code to warn of the potential dangers new AI technology could have on the cyber threat landscape.

Using Open AI's ChatGPT, CPR was able to create a phishing email, with an attached excel document containing malicious code capable of downloading reverse shells. Reverse shell attacks aim to connect to a remote computer and redirect the shell input and output connections of the target system so that the attacker can gain remote access to it.

The Steps to ChatGPT

1 picture

ChatGPT invites you to impersonate a hosting company (Figure 1)

image2

ChatGPT invites you to repeat the process again by creating a phishing email with a malicious excel attachment (Figure 2)

image3

You invite ChatGPT to generate malicious VBA code in an Excel document (Figure 3)

Open Source AI

CPR was also able to create malicious code using the Codex, in which it requested the following:

  • To run a reverse shell script on a windows computer and connect to a specific IP address
  • Check if the URL is vulnerable to SQL injection by logging in as an administrator
  • Write a python script that performs a full port scan on a target computer

The malicious code was then created by Codex.

Comment by Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software:

“ChatGPT has the potential to significantly change the cyber threat landscape. Anyone with minimal resources and zero knowledge of code can easily exploit this to the detriment of their imagination.

It's easy for them to create malicious emails and code. Hackers can also replicate malicious code with ChatGPT and Codex. To warn the public, we showed how easy it is to use ChatGPT and Codex in combination to create malicious emails and code. I believe that these AI technologies represent another step forward in the dangerous evolution of increasingly sophisticated and effective cyber capabilities. The world of cyber security is changing rapidly, and we want to emphasize the importance of vigilance as ChatGPT and Codex become more mature, as this new and developing technology can affect the threat landscape, both for good and for bad.”

More details can be found at https://research.checkpoint.com/2022/opwnai-ai-that-can-save-the-day-or-hack-it-away/

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.098 registrants.
Check Point, ChatGPT

Written by newsbot

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).