Cybercriminals have found a new tool to infiltrate organisations and that is the use of AI in phishing emails.
The Australian Financial Review reports that hackers are now using ChatGPT and other natural-language machine learning models to create phishing emails that can mimic the tone and language of real workplace emails. These emails are so convincing that even employees with the highest level of cybersecurity training are falling prey to them.
The War Between Hackers and Cybersecurity Experts
Cybercriminals are using ChatGPT to craft convincing phishing attacks to break into organisations. With an estimated 90% of cyber breaches starting with a successful phishing attack, cybersecurity experts must be on their toes.
ChatGPT’s Effectiveness in Cyberattacks
ChatGPT is so effective that it has bypassed one of the major lines of defence against phishing attacks. Most people in organisations look for anomalous uses of grammar and unusual wording to weed out phishing emails. However, ChatGPT has fixed that for hackers by making their messages appear more genuine. The more genuine an email looks, the more successful it is as the basis of an attack. Once cybercriminals have breached an organisation’s network, they are using AI to evade detection and to escalate their attacks further.
ChatGPT and Deep-Fake Attacks
Deep-fake attacks might use AI to mimic the writing style or even the voice of a co-worker to allow the attack into other parts of the business. Cybercriminals are even using ChatGPT to change the software code in malware attacks so they can evade detection by antivirus software. They are also embedding AI into malware so it can pivot its behaviour once it has been detected.
The Lowering of the Barrier to Entry
ChatGPT has lowered the barrier of entry into malware, making it easier for anyone who wants to get into malware to do so. With ChatGPT’s ease of use, anyone can craft a message that can be used as the basis of a phishing attack. It’s a worrying development, but one that cybersecurity experts are working hard to counter. As hackers and cybersecurity experts engage in an ever-escalating war, it remains to be seen who will come out on top.
