ChatGPT: AI-designed malicious emails and code

Check Point's security research department warns of hackers who could use OpenAI's ChatGPT and Codex to launch targeted and efficient cyberattacks. The AI can create phishing emails and generate dangerous VBA code for Excel files.

In an experimental exchange, Check Point Research (CPR) tested whether the chatbot could be used to create malicious code to initiate cyberattacks. ChatGPT (Generative Pre-trained Transformer) is a free-to-use AI chatbot that can provide its users with contextual answers based on data found on the internet. Codex, on the other hand, is an artificial intelligence also developed by OpenAI that is able to translate natural language into code.

The procedure was as follows:

  • CPR used ChatGPT to create a phishing email posing as a hosting company.
  • CPR iterated with ChatGPT to refine the phishing email and simplify the infection chain.
  • CPR used ChatGPT to generate VBA code to embed in an Excel document.

Simple phishing email generated by ChatGPT (Image: Check Point).

Malicious e-mails and entire infection chains can be generated with ChatGPT

To demonstrate the dangers of both technologies, CPR used ChatGPT and Codex to generate malicious emails, code and a full chain of infection that can attack users' computers. CPR documents its correspondence with ChatGPT in a new publication with examples of the content produced. The finding underscores the importance of being vigilant as the development of AI technologies like ChatGPT can significantly change the cyber threat landscape.

Using OpenAI's ChatGPT, CPR was able to create a phishing email with an attached Excel document containing malicious code to download reverse shells. Reverse shell attacks aim to connect to a remote computer and redirect the input and output connections of the target system's shell so that the attacker can access them remotely.

ChatGPT performs attack steps

Simple VBA code generated by ChatGPT (Image: Check Point).

  • Ask ChatGPT to impersonate a hosting company (Image 1).
  • Ask ChatGPT to repeat the process and create a phishing email with a malicious Excel attachment (Image 2).
  • Ask ChatGPT to create malicious VBA code in an Excel document (Image 3).

Using OpenAI's Codex to create malicious code

CPR was also able to generate malicious code using Codex. CPR gave Codex various instructions for this, including:

  • Running a reverse shell script on a Windows machine and connecting to a specific IP address.
  • Checking whether a URL is vulnerable to SQL injection by logging in as an administrator.
  • Writing a Python script that performs a full port scan on a target machine.

Codex generates malicious code on request

Iterated phishing email generated by ChatGPT (Image: Check Point).

Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software, comments: “ChatGPT has the potential to significantly change the cyber threat landscape. Now anyone with minimal resources and zero knowledge of code can easily exploit this gap and let their imagination run wild.”

Shykevich continues: “It's easy to generate malicious emails and code. In addition, ChatGPT and Codex allow hackers to further process malicious code. To warn the public, we demonstrated how easy it is to create malicious emails and code using the combination of ChatGPT and Codex. I believe these AI technologies represent another step in the dangerous evolution of ever more sophisticated and effective cyber capabilities. The world of cybersecurity is changing rapidly, and we want to emphasize the importance of staying vigilant as this new and evolving technology can impact the threat landscape for both good and bad.”

About Check Point

Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry-leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100,000 businesses of all sizes.