Security researchers were able to use Google's generative AI Bard to generate phishing emails, malware keyloggers and simple ransomware code.
The Generative AI revolution has sparked a paradigm shift in the field of artificial intelligence, enabling machines to create and generate content with remarkable sophistication. Generative AI refers to the subset of AI models and algorithms capable of autonomously generating text, images, music, and even videos that mimic human creations. This breakthrough technology has opened up a multitude of creative possibilities, from empowering artists and designers to increasing productivity across industries. However, the proliferation of generative AI has also raised significant concerns and ethical considerations. One of the main concerns revolves around the possible misuse of this technology for malicious purposes, such as B. Cybercrime.
Malicious Purposes
In previous reports, Check Point Research has detailed how cybercriminals are exploiting the revolutionary technology for malicious purposes, specifically to create malicious code and content via OpenAI's generative AI platform ChatGPT. In this report, researchers turned their attention to Google's generative AI platform "Bard". Starting from this thought and following previous analyses, the security researchers analyzed the platform with two main objectives: To verify whether it is possible to use Bard for malicious purposes (e.g. creation of phishing emails / malware / ransomware ) and in the second step compare Google Bard with ChatGPT in terms of malicious content creation.
What Bard can generate
- Phishing Emails
- Malware keylogger (a monitoring tool that monitors and records every keystroke on a computer)
- Simple ransomware code
First, CPR tried the simplest request to create a phishing email, which was rejected by both ChatGPT and Bard. CPR tried again, asking for a sample phishing email and while ChatGPT denied the request, Bard delivered a well-written phishing email posing as a financial services firm. After further attempts and with a justification for the request, both AI bots eventually delivered a keylogger that recorded "my" keystrokes (researcher's vs. user's) with the difference being that ChatGPT added some kind of disclaimer about malicious use.
Second try
A second attempt showed that Bard also creates simple ransomware code in a roundabout way. After a first simple request failed, the researchers asked Bard about the most common actions performed by ransomware. CPR received a bulleted list of how ransomware works and turned it into script requests with a simple copy and paste operation. This worked: CPR received the code by specifying the requirements for the script. After researchers modified the script a bit with the help of Bard and added some additional functions and exceptions, they got a working ransomware script.
Summary
1. Bard's cybersecurity abuse protections are significantly weaker compared to ChatGPT's. As a result, it is much easier to generate malicious content using Bard's capabilities.
2. Bard contains almost no restrictions on the creation of phishing emails, leaving room for potential misuse and exploitation of this technology.
3. With minimal manipulations, Bard can be used to develop malware keyloggers, which poses a security risk.
4. CPR's experiments have shown that it is possible to create simple ransomware using Bard's capabilities.
Overall, it appears that Google's Bard has yet to fully learn from the lessons ChatGPT has demonstrated in implementing anti-abuse restrictions in cyber spaces. The existing restrictions in Bard are relatively simple and similar to what CPR observed on ChatGPT in its early stages a few months ago. It is hoped that these are only the first steps in a long road and that the platform will soon implement the necessary restrictions and security limits.
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.