This appeared last week:
Meet hackers’ favourite new tool: WormGPT
By David Swan
November 3, 2023 — 5.00am
Cybersecurity researchers are sounding an alarm about the hacking community’s answer to ChatGPT, a new generative AI tool dubbed WormGPT, which is being used to create sophisticated attacks on Australian businesses.
WormGPT is being described as similar to ChatGPT, but with no ethical boundaries or limitations, and researchers say hundreds of customers have already paid for access to the tool on the dark web.
A 23-year-old Portuguese programmer, “Last”, describes himself as the creator of WormGPT, and pitches it as a piece of technology that “lets you do all sorts of illegal stuff and easily sell it online in the future”.
“Everything blackhat related that you can think of can be done with WormGPT, allowing anyone access to malicious activity without ever leaving the comfort of their home,” Last said in an online post on the dark web, in which he sold access to the tool.
While businesses are still excited about the productivity benefits generative AI can bring, industry figures are warning that the new technology is set to unleash a wave of innovative cyberattacks against businesses and individuals.
Patrick Butler, managing partner at Australian cyber firm Tesserent, said that malicious parties were signing up to criminal forums to rent access to WormGPT and using it to craft convincing phishing emails in different languages, which then allowed them to commit identity theft and compromise systems access.
While phishing emails were often characterised by poor spelling or grammar, generative AI could create emails with impeccable English, Butler said, and tools such as WormGPT could be used by attackers with limited technical skills.
“We’re seeing malicious generative AI being used to create new malware variants that are more difficult for some traditional tools to detect,” Butler said. “These platforms can even assist criminals in exploiting published vulnerabilities.
“While some legitimate AI tools can be used to conduct software code reviews, developers should be discouraged from doing this as their code may be used to train AI models that criminals gain access to, giving them further intelligence into organisational systems.”
Butler said the number of different threat actors would likely escalate as generative AI made it easier for criminals to access cyberattack tools. He said the Tesserent Security Operations Centre had already found an increase in phishing campaigns and malicious email activities targeting Australian organisations, particularly in the months following the emergence of WormGPT and similar tools.
There are now at least six different generative AI tools available to rent or purchase on the dark web, including FraudGPT, EvilGPT, DarkBard, WolfGPT, XXXGPT and WormGPT with more appearing, according to Butler.
“While most lack the large capacity of public-facing tools like ChatGPT and Bard, they are proliferating quickly, which can make them harder to find and take down.”
Scott Jarkoff, director of intelligence strategy, APJ & META, at CrowdStrike, said cybersecurity activity had risen amid the conflict in the Middle East, meaning businesses should be even more vigilant than usual.
He said hacking groups from the so-called “big four” of Russia, China, North Korea and Iran had been using generative AI tools to craft attacks in perfect English.
“The Israel-Hamas conflict is now giving criminals a perfect lure to say ‘hey, visit this site to donate to whichever cause you believe in’, and that means it’s now more important that everyone takes cybersecurity more seriously,” he said.
“We all take safety seriously, why do we not take cyber seriously? We’ve got to get to a point where cyber hygiene is built into everyone’s muscle memory, just as safety is built into everyone’s muscle memory.”
Generative AI is not only being used to create realistic phishing emails. It’s also supercharging social engineering, with bad actors using AI to create realistic fake accounts to spread misinformation, according to Dan Schiappa, chief product officer at cyber vendor Arctic Wolf.
More here:
https://www.smh.com.au/technology/meet-hackers-favourite-new-tool-wormgpt-20231102-p5eh5l.html
Inevitable but pretty sad I reckon. There is always someone around to spoil the party!
The prospect of grammatically perfect phishing e-mails from Iran of all places is just too horrible to contemplate!
Important we all know about the threat – and be bloody careful out there!
David.