The Dangers of GenAI
February 14, 2024
Topics
- AI
- Artificial Intelligence
- MFA
- Phishing
Introduction
Since late 2022, artificial intelligence (AI) has been making headlines almost every week. The first big story on AI was when OpenAI launched their product ChatGPT. Since then, many other companies have followed suit and developed their own AI chatbots that seem to gain more and more functionality as time goes on. Tech giants like Google and Microsoft have also joined the race to create the best AI with Google launching Gemini (Bard) in early 2023 and Microsoft launching Copilot in late 2023. As AI continues to evolve, the risk it poses to organizations around the world will also increase.
Phishing Driven Ransomware
It is no secret that most ransomware attacks occurring today are initiated through phishing attacks. Phishing refers to a form of social engineering that is often used by hackers to trick their victims into revealing sensitive information such as passwords and banking information. It is also used by hackers as a method to install malware on the victim’s device.
Recent statistics from CISA and Cisco found that 90% of data breaches in the US were the result of phishing attacks. Another finding from Splunk shed light on the fact that in the past 12 months, 96% of companies fell victim to at least one phishing attack, and 83% were affected by two or more.
GenAI and Phishing
As AI technology evolves, cybercriminals are starting to learn how to use AI for their own nefarious purposes. In the black market today, you can find versions of ChatGPT that have been engineered to serve the purpose of crafting phishing emails and generating modified malicious payloads. Two of the more popular versions of this program are WormGPT and FraudGPT. These models have become so advanced that it has become increasingly difficult to distinguish an email generated by the program and one made by a human. These GenAI tools have enabled hackers to automate the generation of almost an unlimited number of phishing messages.
How to Protect Against GenAI and Phishing
The primary targets in phishing attacks are humans, but the goal of these attacks is to acquire credentials in most cases. One of the best and easiest ways to protect against stolen credentials is to go passwordless and upgrade to biometrics. With biometrics your password is something that only you have. It makes it more difficult for attackers to gain access to your accounts and your systems. Some popular examples of biometrics include fingerprints, facial recognition, and retina scans.
Conclusion
Even before the creation of GenAI tools like ChatGPT, Artificial intelligence has proven to have many benefits. However, during this time it has also posed many threats. Some such threats are the altercation of GenAI tools to create new malicious versions of these tools. With the rise of tools like WormGPT and FraudGPT, phishing poses a major threat to organizations in the near future. These tools allow phishing campaigns to be crafted and launched automatically. Organizations need to look towards protecting their environments and users, by adopting modern authentication such as biometrics. Along with biometrics, it remains important that we continue to practice good phishing hygiene by training regularly and changing passwords on a routine basis.
Sources
- https://thehackernews.com/2024/01/there-is-ransomware-armageddon-coming.html
- https://fastercapital.com/content/FIDO2--Exploring-the-Future-of-Authentication-with-FIDO2-and-2FA.html
