Check Point Research (CPR) is warning of hackers potentially using OpenAI’s ChatGPT and Codex to execute targeted and efficient cyber-attacks.
CPR used ChatGPT and Codex to produce malicious emails, code and a full infection chain capable of targeting people’s computers to warn of the potential dangers the new AI technology can bring.
CPR documents its correspondence in a new article with examples of what was generated, underscoring the importance of vigilance as developing AI technologies, like ChatGPT, can change the cyber threat landscape significantly.
Using Open AI’s ChatGPT, CPR was able to create a phishing email, with an attached Excel document containing malicious code capable of downloading reverse shells. Reverse shell attacks aim to connect to a remote computer and redirect the input and output connections of the target system’s shell so the attacker can access it remotely.
“ChatGPT has the potential to significantly alter the cyber threat landscape. Now anyone with minimal resources and zero knowledge in code, can easily exploit it to the detriment of his imagination. It is easy to generate malicious emails and code. Hackers can also iterate on malicious code with ChatGPT and Codex. To warn the public, we demonstrated how easy it is to use the combination of ChatGPT and Codex to create malicious emails and code. I believe these AI technologies represent another step forward in the dangerous evolution of increasingly sophisticated and effective cyber capabilities. The world of cybersecurity is rapidly changing and we want to emphasize the importance of remaining vigilant as ChatGPT and Codex become more mature, as this new and developing technology can affect the threat landscape, for both good and bad.” Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software said.