Since the launch of Microsoft’s Chat GPT, we’ve seen a 1265% rise in phishing attacks, focused on stealing your data and disrupting business operations.
We are now seeing hackers use the evil brothers of Chat GPT, known as Worm GPT, Evil GPT and Fraud GPT. Using them to create highly convincing phishing e-mails and malwares.
Hackers are using AI to generate these attacks with alarming ease.
For example, a cybercriminal might use EvilGPT to create a phising e-mail along the lines of;
“write a convincing e-mail in UK English that can be used in a BEC attack, instructing a finance person to urgently pay an invoice. The e-mail should appear as though written from the CEO. Also, write me the code for a webpage using the same design as bank xyz where the finance personal will be directed to pay the invoice.”
Hackers Using AI & How to Spot It
As terrifying as it is reading how hackers can easily imitate people and convince them to complete tasks such as transferring funds, the good news is that there are steps businesses can take to protect themselves.
Vishing & Deepfakes – the practice of cloning a voice for carrying out a phishing attack over the phone or through video. The attacker can do this by using a video from your businesses YouTube or other social media channel and using generative AI to clone the voice of your CEO and create a deepfake audio message or video. These are then used to convince someone to carry out a task, such as a financial transfer. Imagine, an employee receiving a voice message from someone who sounds exactly like your CEO, requesting an urgent bank transfer!
The Wall Street Journey covered a notable story where the CEO of an unnamed UK-based energy firm transferred £220,000 following, what he believed, a phone call with his boss. The vishing attack was so convincing the CEO stated he recognised the subtle German accent of his boss, and even noted the AI voice even carried the man’s ‘melody’.
How to spot it: Whilst AI is becoming more complex, you can still sometimes spot small details like unnatural facial movements or sloppy voice synchronisation.
Spear Phishing – using e-mail from a trusted sender to targeted individuals to reveal sensitive and confidential information.
With the likes of WormGPT, hackers can in a matter of seconds collect and curate sensitive information about your organisation and use it to craft highly targeted and convincing phishing emails.
How to spot it: When receiving an e-mail asking to share sensitive date, look closely for any signs the request isn’t legitimate such as the sender’s e-mail address (you may need to click on the name to see the address), the time the e-mail was sent, the link you’re being asked to click on or bad grammar within the text.
AI-powered Password Cracking – cybercriminals are using AI to effortlessly crack common passwords. With access to advanced computation, AI can automate the breaching process, using millions of combinations to guess your password, often taking a matter of minutes, if not seconds.
How to prevent it: Always use unique passwords and a password manager. Take advantage of MFA (multi-factor authentication) where available. To read more on the importance of MFA, read our article here.
AI-assisted Hacking – gone are the days of hackers spending hours looking for vulnerabilities. Instead they’re using AI to create automated programs that both identify weaknesses in your system and create new types of malware to in order to infiltrate you systems.
How to stay ahead: Always! Keep your security systems and software updated, including your web browser! You should also ensure regular vulnerability scans are carried out across your entire estate.
Supply Chain Attacks – threat actors are using AI to insert malicious code into the systems of your suppliers, which will eventually ripple down to your systems.
How to protect yourself: Only use software from trusted sources and always be vigilant with updates and patches. If you have any concerns, speak with the provider directly. Even legitimate providers can be the target of attack.
From the figures we’re seeing, AI attacks on businesses is rising at an alarming rate, and no business, big or small, is safe.
Being aware of these risks and staying alert to them is paramount to the security of your business.
To learn more about how you can protect your business from AI generated attacks, join one of our LinkedIn Live sessions with our cyber security expert, Mark Flynn.
Details cans be found here.