ChatGPT is beneficial but may soon be used for cyberattacks against organizations
by Pushpendra Mehta, Executive Writer, CTMfile
ChatGPT is a new artificial intelligence (AI) tool developed by OpenAI that is designed to have human-like conversations to answer questions, provide information, augment research and assist with tasks. Since being introduced to the world on November 30, 2022, it has taken the world by storm, with OpenAI reporting that ChatGPT gained 1 million users within just five days of its launch.
It took Netflix 3.5 years to hit 1 million users, Twitter 24 months, Facebook 10 months, and Instagram 2.5 months. Given that 100 million active users signed up with ChatGPT recently, a “Milestone reached just 64 days after its launch”, as was reported in Yahoo on February 14, 2023, it has set a record for the fastest-growing consumer application (app) in history, according to a new analysis from Swiss investment bank, UBS.
While ChatGPT is beneficial, readily available and being hailed as a game-changer for businesses and individuals that some analysts believe will end Google’s search dominance, it may open new opportunities for cybercriminals. This emerging threat is illustrated by a new BlackBerry research on ChatGPT and cyberattacks.
Hackers expected to use ChatGPT for cybercrime and fraud
“The BlackBerry survey of 1,500 IT decision makers across North America, UK, and Australia exposed a perception that, although respondents in all countries see ChatGPT as generally being put to use for 'good' purposes, 74% acknowledge its potential threat to cybersecurity and are concerned.”
Of the findings uncovered in the BlackBerry research on ChatGPT and cyberattacks, what is most concerning is that “51% of IT professionals predict that we are less than a year away from a successful cyberattack being credited to ChatGPT.”
This concern may not be unfounded, given that “Hackers were among the 1 million users downloading ChatGPT upon its release”, as per Aite-Novarica Group's research.
Most pressing threats from the use of ChatGPT
Among the most pressing threats from the use of ChatGPT by cybercriminals are phishing, social engineering, malware development and disinformation, as is mentioned in threat intelligence company Recorded Future’s report Cyber Threat Analysis published in January 2023.
The report provides further evidence, gathered from sources such as dark web and special-access forums, that the powerful AI chatbot, ChatGPT, is being used by threat actors with the intent of carrying out cyberattacks.
Though the views differ around the world on how the threat might manifest, BlackBerry’s survey reveals that “ChatGPT's ability to help hackers craft more believable and legitimate sounding phishing emails is the top global concern (53%), along with enabling less experienced hackers to improve their technical knowledge and develop more specialized skills (49%) and its use for spreading misinformation (49%).”
The Recorded Future report cautions that “ChatGPT lowers the barrier to entry for threat actors with limited programming abilities or technical skills. It can produce effective results with just an elementary level of understanding in the fundamentals of cybersecurity and computer science”.
This may be precisely what draws the next generation of hackers toward ChatGPT. After all, “Using ChatGPT, next-gen hackers will not suffer the same frailties as their predecessors, such as poor coding, misspelled words in phishing emails, and poor target reconnaissance, resulting in more successful hacking incidents”, forewarns Aite-Novarica Group.
Invest in AI-driven cybersecurity to fight AI-powered cyberthreats
“Organizations need to hone their cybersecurity defenses to fight a rapidly evolving and adaptable adversary that emerges from the depths of the dark web with the skills and knowledge to infiltrate any attack surface”, recommends Aite-Novarica Group.
The potential for hackers to be guided through AI chatbots on how to explore vulnerabilities in a company’s security widens the threat landscape considerably. The rules of the game in security and fraud prevention are changing, and IT professionals, business leaders, finance chiefs and corporate treasury will have to strengthen cybersecurity defences today to protect their business tomorrow.
Shishir Singh, Chief Technology Officer, Cybersecurity at BlackBerry, explains: "ChatGPT will likely increase its influence in the cyber industry over time. We've all seen a lot of hype and scaremongering, but the pulse of the industry remains fairly pragmatic – and for good reason. There are a lot of benefits to be gained from this kind of advanced technology and we're only beginning to scratch the surface, but we also can't ignore the ramifications. As the maturity of the platform and the hackers' experience of putting it to use progresses, it will get more and more difficult to defend without also using AI in defense to level the playing field."
Indeed, BlackBerry’s research results also revealed that the majority (82%) of IT decision-makers plan to invest in AI-driven cybersecurity in the next two years, and almost half (48%) plan to invest before the end of 2023, preparing to combat new AI-powered cyberthreats with AI-powered defences.
Conclusion
While corporations will stand to benefit from AI chatbots like ChatGPT, it will also become more difficult to protect organizations without deploying AI to counter next-gen hackers that leverage ChatGPT to direct targeted and efficient cyberattacks against these enterprises.
"It's been well documented that people with malicious intent are testing the waters but, over the course of this year, we expect to see hackers get a much better handle on how to use ChatGPT successfully for nefarious purposes; whether as a tool to write better mutable malware or as an enabler to bolster their 'skillset.' Both cyber pros and hackers will continue to look into how they can utilize it best”, states Singh.
In this war of algorithms against algorithms at machine speeds, defending an organization successfully with AI is likely to prove more effective in responding to or preventing AI-powered cyberattacks. “Time will tell who's more effective”, Singh concludes.
Like this item? Get our Weekly Update newsletter. Subscribe today