Check Point's security research department warns of hackers who could use OpenAI's ChatGPT and Codex to launch targeted and efficient cyberattacks. The intelligence can create phishing emails and generates dangerous VBA code for Excel files.
In experimental correspondence, Check Point Research (CPR) tested whether the ChatBot could be used to create malicious code to initiate cyber attacks. ChatGPT (Generative Pre-trained Transformer) is a free-to-use AI chatbot that can provide its users with contextual answers based on data found on the internet. Codex, on the other hand, is an artificial intelligence also developed by OpenAI that is able to translate natural language into code.
The procedure was as follows:
CPR used ChatGPT to create a phishing email posing as a hosting company
CPR repeated ChatGPT to refine a phishing email and ease the infection chain
CPR used ChatGPT to generate VBA code to embed in an Excel document
Malicious e-mails and entire infection chains can be generated with ChatGPT
To demonstrate the dangers of both technologies, CPR used ChatGPT and Codex to generate malicious emails, code and a full chain of infection that can attack users' computers. CPR documents its correspondence with ChatGPT in a new publication with examples of the content produced. The finding underscores the importance of being vigilant as the development of AI technologies like ChatGPT can significantly change the cyber threat landscape.
Using Open AI's ChatGPT, CPR was able to create a phishing email with an attached Excel document containing malicious code to download reverse shells. Reverse shell attacks aim to connect to a remote computer and redirect the input and output connections of the target system's shell so that the attacker can access them remotely.
ChatGPT performs attack steps
Asking ChatGPT to impersonate a hosting company (Image 1).
Ask ChatGPT to repeat the process and create a phishing email with a malicious Excel attachment (Image 2).
Ask ChatGPT to create malicious VBA code in an Excel document (Image 3).
Using Open AIs Codex to create malicious code
CPR was also able to generate malicious code using Codex. CPR gave Codex various orders for this, including:
- Running a reverse shell script on a Windows machine and connecting to a specific IP address.
- Check if a URL is vulnerable to SQL injection by logging in as an administrator.
- Writing a Python script that performs a full port scan on a target machine.
Codex generates malicious code on request
Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software, comments: “ChatGPT has the potential to significantly change the cyber threat landscape. Now anyone with minimal resources and zero knowledge of code can easily exploit this gap and let their imagination run wild.”
Shykevich continues: "It's easy to generate malicious emails and code. In addition, ChatGPT and Codex allow hackers to further process malicious code. To warn the public, we demonstrated how easy it is to create malicious emails and code using the combination of ChatGPT and Codex. I believe these AI technologies represent another step in the dangerous evolution of ever more sophisticated and effective cyber capabilities. The world of cybersecurity is changing rapidly, and we want to emphasize the importance of staying vigilant as this new and evolving technology can impact the threat landscape for both good and bad.”
More at CheckPoint.com
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.