{"id":20594,"date":"2023-01-24T15:12:05","date_gmt":"2023-01-24T11:12:05","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/chatgpt-cybersecurity\/20594\/"},"modified":"2023-01-24T15:12:20","modified_gmt":"2023-01-24T11:12:20","slug":"chatgpt-cybersecurity","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/chatgpt-cybersecurity\/20594\/","title":{"rendered":"How ChatGPT will change cybersecurity"},"content":{"rendered":"

Although the principles of machine learning were laid down some half a century ago, only recently have they found widespread application in practice. As computing power grew, computers learned first to distinguish objects in images and play Go<\/a> better than humans, then to draw pictures based on text descriptions and maintain a coherent chat. In 2021\u20132022, scientific breakthroughs became accessible to all. For example, you can subscribe to MidJourney<\/a> and, say, instantly illustrate your own books. And OpenAI has finally opened up its large GPT-3<\/a> (Generative Pretrained Transformer 3) language model to the general public through ChatGPT<\/a>. The bot is available at chat.openai.com, where you can see for yourself how it maintains a coherent conversation, explains complex scientific concepts better than many teachers, artistically translates texts between languages, and much, much more.<\/p>\n

\"Image<\/a>

Image generated by Midjourney to the request \u201cA gnome with a magnifying glass is lost among data storage servers\u201d<\/p><\/div>\n

If we strip ChatGPT down to the bare essentials, the language model is trained on a gigantic corpus of online texts, from which it \u201cremembers\u201d which words, sentences, and paragraphs are collocated most frequently and how they interrelate. Aided by numerous technical tricks and additional rounds of training with humans, the model is optimized specifically for dialog. Because \u201con the internet you can find absolutely everything\u201d, the model is naturally able to support a dialog on practically all topics: from fashion and the history of art to programming and quantum physics.<\/p>\n

Scientists, journalists, and plain enthusiasts are finding ever more applications for ChatGPT. The Awesome ChatGPT prompts<\/a> website has a list of prompts (phrases to start a conversation with a bot), which allow to \u201cswitch\u201d ChatGPT so that it will respond in the style of Gandalf<\/a> or some other literary character, write Python code, generate business letters and resumes, and even imitate a Linux terminal. Nevertheless, ChatGPT is still just a language model, so all the above is nothing more than common combinations and collocations of words \u2014 you won\u2019t find any reason or logic in it. At times, ChatGPT talks convincing nonsense (like many humans), for example, by referring to non-existent scientific studies. So always treat ChatGPT content with due caution. That said, even in its current form, the bot is useful in many practical processes and industries. Here are some examples in the field of cybersecurity.<\/p>\n

Malware creation<\/h2>\n

\nOn underground hacker forums, novice cybercriminals report how they use ChatGPT to create new Trojans. The bot is able to write code, so if you succinctly describe the desired function (\u201csave all passwords in file X and send via HTTP POST to server Y\u201d), you can get a simple infostealer<\/a> without having any programming skills at all. However, straight-arrow users have nothing to fear. If bot-written code is actually used, security solutions will detect and neutralize it as quickly and efficiently as all previous malware created by humans. What\u2019s more, if such code isn\u2019t checked by an experienced programmer, the malware is likely to contain subtle errors and logical flaws that will make it less effective.<\/p>\n

At least for now, bots can only compete with novice virus writers.<\/p>\n

Malware analysis<\/h2>\n

\nWhen InfoSec analysts study new suspicious applications, they reverse-engineer<\/a>, the pseudo-code or machine code, trying to figure out how it works. Although this task cannot be fully assigned to ChatGPT, the chatbot is already capable of quickly explaining what a particular piece of code does. Our colleague Ivan Kwiatkovski has developed a plugin for IDA Pro<\/a> that does precisely that. The language model under the hood isn\u2019t really ChatGPT \u2013 rather its cousin, davinci-003<\/a> \u2013 but this is a purely technical difference. Sometimes the plugin doesn\u2019t work, or outputs garbage, but for those cases when it automatically assigns legitimate names to functions and identifies encryption algorithms in the code and their parameters, it\u2019s worth having in your kitbag. It comes into its own in SOC conditions, where perpetually overloaded analysts have to devote a minimum amount of time to each incident, so any tool to speed up the process is welcome.<\/p>\n

\"Plugin<\/a>

Plugin output<\/p><\/div>\n

Vulnerability search<\/h2>\n

\nA variation of the above approach is an automated search for vulnerable code. The chatbot \u201creads\u201d the pseudo-code of a decompiled application, and identifies places that may contain vulnerabilities. Moreover, the bot provides Python code designed for vulnerability (PoC) exploitation. Sure, the bot can make all kinds of mistakes, in both searching for vulnerabilities and writing PoC code, but even in its current form the tool is of use to both attackers and defenders.<\/p>\n

Security consulting<\/h2>\n

\nBecause ChatGPT knows what people are saying about cybersecurity online, its advice on this topic looks convincing. But, as with any chatbot advice, you never know where it exactly came from, so for every 10 great tips there may be one dud. All the same, the tips in the screenshot below for example are all sound:<\/p>\n

\"ChatGPT-generated<\/a>

ChatGPT-generated tips<\/p><\/div>\n

Phishing and BEC<\/h2>\n

\nConvincing texts are a strong point of GPT-3 and ChatGPT, so automated spear-phishing attacks using chatbots are probably already<\/strong> occurring. The main problem with mass phishing e-mails is that they don\u2019t look right, with too much generic text that doesn\u2019t speak directly to the recipient. As for spear-phishing, when a live cybercriminal writes an e-mail to a single victim, it\u2019s quite expensive; therefore, it\u2019s used only in targeted attacks. ChatGPT is set to drastically alter the balance of power, because it allows attackers to generate persuasive and personalized e-mails on an industrial scale. However, for an e-mail to contain all necessary components, the chatbot must be given very detailed instructions.<\/p>\n

\"Example<\/a>

Example of a ChatGPT-generated e-mail<\/p><\/div>\n

But major phishing attacks usually consist of a series of e-mails, each gradually gaining more of the victim\u2019s trust. So for the second, third, and nth<\/sup> e-mails, ChatGPT will really save cybercriminals a lot of time. Since the chatbot remembers the context of the conversation, subsequent e-mails can be beautifully crafted from a very short and simple prompt.<\/p>\n

\"Generated<\/a>

Generated e-mail continuing the attack<\/p><\/div>\n

Moreover, the victim\u2019s response can easily be fed into the model, producing a compelling follow-up in seconds.<\/p>\n

Among the tools attackers can use is stylized correspondence. Given just a small sample of a particular style, the chatbox can easily apply it in further messages. This makes it possible to create convincing fake e-mails seemingly from one employee to another.<\/p>\n

Unfortunately, this means that the number of successful phishing attacks will only grow. And the chatbot will be equally convincing in e-mail, social networks, and messengers.<\/p>\n

How to fight back? Content analysis experts are actively developing tools<\/a> that detect chatbot texts. Time will tell how effective these filters will prove to be. But for now, we can only recommend our two standard tips (vigilance<\/a> and cybersecurity awareness training<\/a>), plus a new one. Learn how to spot bot-generated texts. Mathematical properties are not recognizable to the eye, but small stylistic quirks and tiny incongruities still give the robots away. Check out this game<\/a> to see if you can spot the difference between human- and machine-written text.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

A new generation of chatbots creates coherent, meaningful texts. This can help out both cybercriminals and cyberdefenders. <\/p>\n","protected":false},"author":2722,"featured_media":20596,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1226],"tags":[1481,2611,1415,76,321],"class_list":{"0":"post-20594","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-technology","10":"tag-ai","11":"tag-chatgpt","12":"tag-machine-learning","13":"tag-phishing","14":"tag-technology"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/chatgpt-cybersecurity\/20594\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/chatgpt-cybersecurity\/25100\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/chatgpt-cybersecurity\/27719\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/chatgpt-cybersecurity\/25423\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/chatgpt-cybersecurity\/25817\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/chatgpt-cybersecurity\/28332\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/chatgpt-cybersecurity\/34561\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/chatgpt-cybersecurity\/46959\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/chatgpt-cybersecurity\/20052\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/chatgpt-cybersecurity\/20669\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/chatgpt-cybersecurity\/29691\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/chatgpt-cybersecurity\/25789\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/chatgpt-cybersecurity\/31463\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/chatgpt-cybersecurity\/31176\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/machine-learning\/","name":"machine learning"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=20594"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20594\/revisions"}],"predecessor-version":[{"id":20595,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/20594\/revisions\/20595"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/20596"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=20594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=20594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=20594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}