The recent report by cybersecurity firm SlashNext highlights the emergence of a new AI tool called WormGPT, which is being used by cybercriminals to carry out business email compromise (BEC) attacks. WormGPT operates similarly to Microsoft’s conversational AI bot, ChatGPT, but with malicious intent. This underscores the ability of cybercriminals to exploit AI technology for their nefarious purposes.
Hackers have been advertising jailbreak methods for ChatGPT on technology forums, allowing them to breach the network framework and manipulate the AI bot. This enables them to extract sensitive information or generate inappropriate content. The ability to infiltrate AI systems and manipulate their outputs creates significant challenges in preventing cybercriminals from exploiting these platforms.
BEC attacks orchestrated through WormGPT are particularly concerning due to their refined grammar, which minimizes suspicion. Daniel Kelley, head of security research at SlashNext, emphasizes the need for organizations to proactively implement preventive measures to automate the identification of BEC attacks. It is also crucial to educate employees about the risks associated with AI-based BEC threats and provide them with effective strategies to mitigate these risks.
A comprehensive security approach should include monitoring employees’ email handling behavior using AI-based tools as part of an overall strategy to enhance the organization’s security posture. By implementing preventive measures, educating employees, and monitoring email activities, organizations can better protect themselves against the evolving threats posed by AI-based cyberattacks.
1. WormGPT, an AI tool, is being used by cybercriminals for business email compromise attacks.
2. Hackers have been advertising jailbreak methods for ChatGPT to manipulate the AI bot.
3. Attackers who infiltrate AI systems can make them generate misleading outputs and inappropriate content.
4. BEC attacks orchestrated through WormGPT are concerning due to their refined grammar.
5. Organizations should proactively implement preventive measures, educate employees, and monitor email activities to mitigate AI-based cyberattack risks.