Are Your Sensitive Content Communications Exposed to ChatGPT-generated Cyberattacks?
The world of cybercrime is becoming increasingly complex with criminals using sophisticated technology and techniques to take advantage of unsuspecting victims. As technology advances and organizations become more reliant on digital infrastructure, the number of cyberattacks has risen exponentially.
ChatGPT Takes the World by Storm
Since its release on November 30, 2022, excitement surrounding the potential impact of the new artificial intelligence (AI) ChatGPT technology is difficult to overstate. Myriad new reports, articles, and podcasts have been produced on its business, social, and economic implications. An article in Harvard Business Review last month called it “a tipping point for AI.” In just five days, ChatGPT racked up a million users. Compare this adoption trajectory to Twitter, which took two years to reach a million users. Facebook took 10 months.
The use cases for ChatGPT are nearly endless. It can write essays as good as or better than high school and college students. It can write and debug code. It can provide information on how to set up a security network, answer questions on countless subjects, create detailed outlines for white papers, articles, blog posts, and presentations, serve as a connective tissue between any number of software solutions, write poetry, design artwork … I could go on and on. Any company and any professional not using ChatGPT today is already at a competitive disadvantage.
In 2019, Microsoft invested $1 billion in OpenAI, the firm behind ChatGPT, and became a 49% owner in the company earlier this month by investing another $10 billion. Microsoft is moving quickly, with plans to add ChatGPT to its Bing search engine in March and Office suite later in the year. The full potential of ChatGPT is yet to come as new capabilities are rolled out and venture investments from Microsoft and other firms accelerate their development. ChatGPT's database of information ends with 2021, and it currently lacks real-time internet data (You.com, for example, already leverages internet data); closing that gap will expand its already immense data lake.
Unfortunately, the potential use cases for ChatGPT have not gone unnoticed by cybercriminals and rogue nation-states. ChatGPT was released with cybersecurity guardrails in mind: it will not write malware code if asked and has security protocols in place to identify and decline inappropriate requests. But in the infamous words of Eddie Murphy, who played “Donkey” in the hit movie Shrek, “Where there’s a will, there’s a way!” And as often happens with digital transformation, bad actors find workarounds and use the technology itself to circumvent barriers.
Democratization of Malicious Cyber Activity
Earlier this month, an article in Dark Reading revealed that developers had tried various ways to bypass the security protocols in ChatGPT and had succeeded. Specifically, if a prompt explains the steps of writing the malware in enough detail, rather than asking for it directly, ChatGPT will answer the prompt, effectively creating on demand the malware it purportedly will not produce.
With Malware-as-a-Service already prevalently offered on the dark web, bad actors could accelerate the speed and ease at which they launch cyberattacks by simply leveraging AI-generated code. This will democratize malicious cyber activity further by enabling those without coding skills to gain access to malware that can be used to exploit networks, applications, and data.
ChatGPT Research From Check Point Research (CPR)
Based on research conducted by Israeli cybersecurity company Check Point of several hacking communities, there is evidence that cybercriminals are using ChatGPT to formulate more effective cyberattacks now. The Check Point Research (CPR) team pinpointed three such examples.
First, CPR discovered a cybercriminal had used ChatGPT to recreate malware strains and techniques described in prior write-ups about common malware. This actor created a Python-based stealer that searched for 12 common file types (MS Office documents, PDFs, images, etc.), copied them to a temporary folder, zipped them, and sent them over the web. The actor also created a Java snippet that downloads PuTTY and runs it covertly on the system using PowerShell.
Second, CPR discovered a threat actor used ChatGPT to create a multi-layer encryption tool. This script had the capability to generate cryptographic keys, encrypt files in the system using the Blowfish and Twofish algorithms concurrently in a hybrid mode, utilize RSA keys, and use certificates stored in PEM format, MAC signing, and blake2 hash function. As part of a ransomware attack, this encryption tool could be used with malicious intent if modified to encrypt someone’s machine without any user interaction.
Third, CPR uncovered cybercriminal activity focused on creating dark web marketplace scripts using ChatGPT. This code was used to create a platform for the automated trade of illegal or stolen goods, with all payments in cryptocurrencies. CPR also found several additional conversations in underground forums about using ChatGPT for fraud activity, including generating random art with DALL-E 2 and selling it online, and generating an eBook or short chapter on a specific topic (using ChatGPT) and selling this content online.
Create Targeted, Personalized Phishing Emails
In addition to the three examples above cited by CPR, multiple sources have cited phishing attacks as an area where cybercriminals are likely to employ ChatGPT. Specifically, these can include business email compromise (BEC), which poses a serious business risk. ChatGPT can generate disturbingly convincing emails that appear to come from a legitimate source. These emails can be tailored to the target, containing personalized information such as the recipient’s name and job title.
Cybercriminals can also use ChatGPT to generate elaborate stories that are designed to evoke an emotional response from the victim and increase the likelihood of them being tricked. The most common type of phishing attack using ChatGPT is the BEC scam. BEC scams involve sending emails pretending to be a legitimate business or someone the target knows. These emails usually include requests for money or confidential information, and they can appear incredibly realistic, as ChatGPT can provide convincing language and formatting. This can have catastrophic results, as cybercriminals are often able to acquire sensitive information or money from unsuspecting victims. ChatGPT can also be used to create other phishing attacks, such as spear phishing and ransomware.
Protecting Your Sensitive Content Communications From AI-enabled Cyberattacks
These examples are just some of the ways in which malicious actors can use ChatGPT. No coding experience is needed to write malware. ChatGPT will write the code that will execute the required functionality. Beyond the democratization factor, it goes without saying that the more sophisticated the cybercriminal, the greater the potential. AI-driven technologies like ChatGPT provide an on-demand means to create templates of code that shorten the time needed to pinpoint vulnerabilities and develop corresponding exploits.
When it comes to protecting your sensitive content communications from cyberattacks enabled by AI technologies like ChatGPT, there is good news. The Kiteworks Private Content Network extends zero trust to the content layer using principles such as centralized policy management, least-privilege access, always-on monitoring, and a detailed trusted audit of all activity. Following are some of the ways in which Kiteworks protects digital exchanges of sensitive content:
Defense-in-Depth Approach
Kiteworks uses a defense-in-depth approach that applies layers of security across all your sensitive content communication channels—email, file sharing, managed file transfer, and web forms. Our content-defined zero-trust model applies multi-factor authentication (MFA), antivirus, advanced threat protection (ATP), and data loss prevention (DLP) from a central console. Strong TLS 1.2 encryption is used for content in transit, while AES-256 encryption is used for data at rest.
And with advanced persistent threats a likely objective of AI usage by cybercriminals, Kiteworks uses a hardened virtual appliance that is self-contained and preconfigured for optimal security outcomes—closed ports, disabled SSH, embedded antivirus and intrusion detection, and end-to-end encryption. Additionally, all unnecessary services are disabled with fast deployment of patches and hot fixes.
Single-tenant Cloud Hosting Options
Unlike many other sensitive content communication tools and platforms, which use multitenant cloud hosting configurations, Kiteworks uses single-tenant hosting with a dedicated server that is isolated from other tenants. In a single-tenant environment, bad actors are unable to create sandboxes to pinpoint vulnerabilities and develop sophisticated exploits targeting the corresponding sensitive content communication tools and platforms. Single-tenant configurations also prevent cybercriminals from using access to one tenant to expose the systems, applications, and content of other tenants residing in the same instance.
Proactive, Always-on Monitoring
Research conducted by Kiteworks last year showed that most organizations rely on multiple applications and tools for their sensitive content communications. This makes it extremely difficult to proactively monitor the digital exchange of private content—both internally and with third parties. This includes the ability to integrate other security capabilities into those tools to monitor them against malicious attacks.
The Kiteworks Private Content Network delivers a centralized dashboard that not only provides consolidated policy management and audit trails across all your sensitive content communications but also integrates numerous security and compliance investments for always-on monitoring. For example, through a prebuilt, secure application programming interface (API), syslog data from Kiteworks is integrated into SOC monitoring and incident response tools, such as SIEM (security information and event management) and SOAR (security orchestration, automation, and response), enabling organizations to receive real-time alerts when attacks or anomalies occur.
Encrypted Email in the Private Content Network
With Kiteworks, incoming emails are scanned with antivirus, content disarm and reconstruction (CDR), and advanced threat protection (ATP). Only authenticated users can read the message, and controls prevent forwarding to unauthorized parties. Additionally, as Kiteworks uses multi-factor authentication, including biometrics, attackers who have stolen a user’s credentials through phishing are prevented from successfully accessing that user’s email since they lack the second form of authentication.
The Kiteworks Email Protection Gateway (EPG) creates a contained, secure channel between multiple parties through which secure emails can be sent. This approach minimizes social engineering attacks by limiting how people send emails over the channel.
Keep Ahead of the AI-enabled Bad Actors
ChatGPT is transformative and we are just beginning to scratch the surface of its potential. The opportunities will most certainly outweigh the risks, though we must remain cognizant of the threats to fully reap the rewards. When it comes to cyber threats, organizations must ensure they have a comprehensive cyber risk management strategy in place. While bad actors will benefit by using ChatGPT to accelerate the speed and effectiveness of their attacks, organizations can thwart these by ensuring they have the right cyber defenses in place.
The Kiteworks Private Content Network uses a content-defined zero-trust approach that creates layers of security that protect sensitive content communications from malicious cyberattacks, including those that use AI-enabled ChatGPT. It also creates a comprehensive audit trail used to demonstrate regulatory compliance.
Schedule a custom-tailored demo of Kiteworks to learn how Kiteworks is built to withstand AI-enabled cyberattacks today.
Disclaimer: Some portions of this blog post were composed using ChatGPT.