ChatGPT: the dark side of AI that could put digital security at risk  

Ermes – Cybersecurity, Italian excellence in cybersecurity, highlights the features of possible new cybercriminal attacks generated by AI

TURIN, Italy—March 13, 2023—Everyone is talking about ChatGPT, acronym of Generative Chat Pre-trained Transformer, the free chatbot based on artificial intelligence created by OpenAI, the non-profit artificial intelligence research organization that promotes the development of friendly AI, i.e. intelligences capable of contributing to the good of humanity. On its website, you can converse with a “virtual person”, an artificial intelligence programmed to answer any question thanks to a sophisticated machine learning model with a high learning capability.

 

But what are the risks that this Chatbot can entail?

ChatGPT has already attracted many cybercriminals, who first of all have made almost identical copies of the site or app. Once users download these from official stores and install them on their phones, the copies can spread malicious content. The most serious problem, however, is another: through specific, carefully built queries, ChatGPT is the perfect tool to help an attacker create what the cyber world calls spear phishing attacks. These are hyper-customized attacks, calibrated on the information that users unknowingly share on their social accounts and through daily browsing on PCs and mobile devices. In this way, cybercriminals use AI to build deceptive content created specifically for the person they are targeting.

To counter this growing and increasingly insidious phenomenon, Ermes – Cybersecurity (www.ermes.company/it/), Italian excellence in cybersecurity, is now developing an effective AI system: “Companies and employees, as is happening today with ChatGPT, will increasingly rely on third-party services or enabling technologies based on AI. For this reason we are monitoring and developing with Ermes a tool that certainly allows you to use them, but that does so safely through filters and blocks on the sharing of all that sensitive information, such as emails, passwords or economic data, that we can include by mistake in our requests to these services,” says Lorenzo Asuni, Chief Marketing Officer of Ermes – Cybersecurity.

 

ChatGPT and scams, the three main risk factors:

 

  1. The number one scam, therefore, is the emergence of phishing sites that exploit the hype around ChatGPT, already hundreds in recent weeks alone. Recognizing them is not easy: they have similar domains, look almost identical to the real web pages or apps and often rely on non-existent integrations, creating duplicates of the service that steal the credentials of everyone who registers;
  2. Spear phishing attacks become easier and more scalable with the fast, high-quality production of highly targeted email campaigns (BEC), SMS (smishing) or ads (malware), aimed at economic scams or at the theft of personal data or credentials;
  3. The sharing of sensitive company information, driven by the continuous demand for content, answers and analysis. How does this happen? For example, with a simple “reply to this email” request that forgets to exclude the email address of the recipient or sender, or by giving these new technologies economic data or the names of customers or partners.

 

A practical example: Business Email Compromise, the risk for business emails

 

ChatGPT responds excellently to any content query, but this becomes particularly risky when it is used for a business email attack, the so-called BEC. With BEC, attackers use a template to generate a deceptive email that prompts a recipient to provide them with sensitive information. With the help of ChatGPT, hackers would be able to customize every communication, potentially producing unique content for each email generated by the AI, which makes these attacks more difficult to detect and recognize as such.

 

Likewise, it can become easier to write emails or build a copy of a phishing site without the typos or unusual formats that today are often critical for telling these attacks apart from legitimate emails. What scares the most is that it becomes possible to add any number of changes to the prompt, such as “make the email urgent”, “emails with a high probability of recipients clicking the link” and so on.

 

 

About Ermes

Ermes – Cybersecurity was born within the I3P incubator of Politecnico di Torino in 2018 from an idea of Hassan Metwalley: to develop an artificial intelligence algorithm to protect users from cyber attacks, an advanced shield capable of detecting sophisticated malware and threats that escape traditional security systems. Thanks to its innovative architecture and patented AI algorithms, it offers dynamic protection against web threats based not on the reputation of sites but on their real behavior. Thanks to this behavioral approach, the threat exposure window is reduced from days to minutes, ensuring 99% real-time overall protection on the web. Winner of the First Prize PNI CUBE 2017, today Ermes is the only Italian excellence selected by Gartner in the world’s top 100 specialized in AI Cybersecurity and the only Italian company to have received the FIC 2022 Startup Award, the prestigious award recognized by FIC (International Cybersecurity Forum), which aims to promote European innovative scaleups and young businesses in the world of digital security. The diversified solutions created by Ermes have protected more than 30 thousand users, blocking over 360 billion dangerous connections and making Italy the world leader in cybersecurity. After closing a funding round worth 1 million euros, ERMES – Intelligent Web Protection closed 2021 with a turnover of over 1 million euros. Ermes technology was chosen by KPMG, Carrefour, Reale Mutua, Bonelli Erede, Sol Group and International School of Monaco, and is distributed by Techdata and Icos to more than 40 partners on 4 different continents.

 

 

Press Contact: Disclosers

Isabella Castelli: isabella.castelli@disclosers.it +39 3463183982

Emanuela Centanni: emanuela.centanni@disclosers.it +39 3207913446