security

ChatGPT may be a bigger cybersecurity risk than an actual benefit – BleepingComputer


ChatGPT made a splash with its user-friendly interface and believable AI-generated responses. With a single prompt, ChatGPT provided detailed answers that other AI assistants had not achieved. Powered by a massive dataset that ChatGPT had been trained on, the breadth and variety of topics it could address quickly amazed the tech industry and the public.

However the technology sophistication raises inevitable question: what are the drawbacks of ChatGPT and similar technologies? With capabilities to generate a multitude of realistic responses, ChatGPT could be used to create a host of responses capable of tricking an unassuming reader into thinking a real human is behind the content.


Understanding ChatGPT

When you think of AI assistants, Google and Alexa may come to mind first. You ask a question like “What’s the weather today?” and get a brief answer. Although some conversational features have been available, most don’t produce long-form AI-generated text that can be expanded upon through further interaction.

ChatGPT takes a complex prompt and generates a full response, potentially spanning multiple paragraphs. It remembers the prior conversation and builds on it when asked further questions, providing more detailed responses.

An example is shown below: ChatGPT lists instructions to bake a chocolate cake.

ChatGPT providing instructions on baking a cake
Source: Specops

This conversation can range from a simple ingredient list to a full-fledged short story. However, ChatGPT may not respond to certain topics due to its dataset.

Additionally, it is important to note that just because a response is generated does not mean it is accurate. ChatGPT does not “think” like us; it uses data from the internet to generate a response. As a result, incorrect data and associated biases may lead to an unexpected answer.

Readers Also Like:  Indexes dip under bond market pressure, tech losses - Arkansas Online

The Risks of AI Assistants

As alluded to above, not all responses are equal. But that is not the only risk. ChatGPT responses can be convincing, and thus, the potential to generate content that could deceive an individual into believing it was written by a person exists.

This may lead to the weaponization of such technology in the tech world.

Many phishing emails are easily recognizable, particularly when written by non-native speakers. However, ChatGPT could make the task significantly easier and more convincing as noted in this article by CheckPoint.

The speed of generation and response quality opens the door to much more believable phishing emails and even simple exploit code generation.

Furthermore, since the ChatGPT model is open-source, an enterprising individual could create a dataset of existing company-generated emails to create a tool that quickly and easily produces phishing emails.

ChatGPT writing a password reset request from Microsoft
Source: Specops

Phishing emails can provide threat actors with a way to gain access to your system and deploy malware or ransomware, potentially causing serious damage. As ChatGPT continues to improve, it will become an increasingly powerful tool for malicious actors.

What about a non-native speaker attempting to convince an employee, through conversation, to give up their credentials?

Though the existing ChatGPT interface has protections against requesting sensitive information, you can see how the AI model helps to inform the flow and dialog that a Microsoft helpdesk technician may use, lending authenticity to a request.

Impersonating Microsoft Help Desk
Source: Specops

Protecting Against ChatGPT Abuse

Have you received a suspicious email and wondered if it was written entirely or partially by ChatGPT? Fortunately, there are tools that can help. These tools work on percentages, so they can’t provide absolute certainty. However, they can raise reasonable doubt and help you ask the right questions to determine if the email is genuine.

Readers Also Like:  Federal funding to boost Virginia Tech, Commonwealth Cyber Initiative wireless network security projects - Virginia Tech

For example, after pasting in the content of the previously created password reset email, the tool GPT Zero highlights the sections that may be generated by an AI. This is not a foolproof detection, but it may give you pause and question the authenticity of a given piece of content.

Detecting AI-generated content
Source: Specops

You can use this tool to help identify AI generated text: https://gptzero.me/.

Social Engineering on the rise with ChatGPT

From fake support requests, to caller ID spoofing, and now even scripting with ChatGTP. The internet is full of resources to help promote successful social engineering schemes. Threat actors are advancing social engineering attacks by combining multiple attack vectors together, using ChatGPT alongside other social engineering methods.

ChatGPT can help attackers better create a fake identity, making their attacks more likely to succeed.

Staying Safe with Specops Secure Service Desk

Specops Secure Service Desk helps prevent cyberattacks on your help desk, including ChatGPT-generated social engineering attempts. With Specops Secure Service Desk, you can make sure that a user is who they say they with a secure verification approach, that goes beyond security questions, which can be easily sourced by cyber criminals in a targeted social engineering attack.

For example, in the event that a user calls the service desk for a password reset, the tool will require service desk agents to verify the identity of the user before resetting their password.

The user can be verified with a one-time code sent to the mobile number associated with their Active Directory account, or even with existing authentication services, like Duo Security, Okta, PingID, and Symantec VIP. Organizations can also layer these options to enforce MFA at the service desk.  

Readers Also Like:  Tech sector H-1B employees’ spouses can work in U.S., judge says - The Seattle Times

With vishing scams showing no signs of slowing down, and ChatGTP set to evolve with AI technology, investing in the Specops Secure Service Desk solution could be a vital step for organizations looking to protect themselves.

The Future of ChatGPT and Securing Your Users

ChatGPT is a game-changer, providing an easy-to-use and powerful tool for AI-generated conversations. While there are numerous potential applications, organizations should be aware of how attackers can use this tool to improve their tactics, and the additional risks it can pose to their organization.

Sponsored and written by Specops Software



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.