Check Point Research (CPR) warns of the possibility of hackers using the Chat GPT and his Codex OpenAI to carry out targeted and effective cyber attacks. To demonstrate the above, CPR used ChatGPT and Codex to generate malicious messages email, code and a complete chain infection capable of targeting computers. 
CPR documents its position in a new publication with examples of what has been created, underscoring the importance of vigilance as the development of AI technologies such as ChatGPT can significantly change the cyber threat landscape.
CPR used ChatGPT to create a phishing email impersonating company hosting
CPR repeated the process with ChatGPT to improve a phishing email to facilitate the infection chain
CPR used ChatGPT to generate VBA code to embed in an Excel document
Check Point Research (CPR) used ChatGPT to create malicious phishing emails and code to warn of the potential dangers new AI technology could have on the cyber threat landscape.
Using Open AI's ChatGPT, CPR was able to create a phishing email, with an attached excel document containing malicious code capable of downloading reverse shells. Reverse shell attacks aim to connect to a remote computer and redirect the shell input and output connections of the target system so that the attacker can gain remote access to it.
The Steps to ChatGPT
ChatGPT invites you to impersonate a hosting company (Figure 1)
ChatGPT invites you to repeat the process again by creating a phishing email with a malicious excel attachment (Figure 2)
You invite ChatGPT to generate malicious VBA code in an Excel document (Figure 3)
Open Code AI
CPR was also able to create malicious code using the Codex, in which it requested the following:
- To run a reverse shell script on a windows computer and connect to a specific IP address
- Check if the URL is vulnerable to SQL injection by logging in as an administrator
- Write a python script that performs a full port scan on a target computer
The malicious code was then created by Codex.
Comment by Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software:
“ChatGPT has the potential to significantly change the cyber threat landscape. Anyone with minimal resources and zero knowledge of code can easily exploit this to the detriment of their imagination.
It's easy for them to create malicious emails and code. Hackers can also replicate malicious code with ChatGPT and Codex. To warn the public, we showed how easy it is to use ChatGPT and Codex in combination to create malicious emails and code. I believe that these technologies artificialintelligence systems represent another step forward in the dangerous evolution of increasingly sophisticated and effective cyber capabilities. The world of cyber security is changing rapidly, and we want to emphasize the importance of vigilance as ChatGPT and Codex mature, as this new and developing technology can impact the threat landscape, both for good and for bad.”
More details can be found at https://research.checkpoint.com/2022/opwnai-ai-that-can-save-the-day-or-hack-it-away/
