A new generative AI cyber crime tool, WormGPT, has emerged on Africa’s cyber security threat landscape and enables criminals to write malware and craft convincing phishing e-mails.
Cyber security specialist KnowBe4 says this is worrying because it means that cyber criminals can exploit the functionalities of ChatGPT, bypass safety measures and ethical controls, and create more sophisticated and customised phishing attacks that can deceive even the most discerning individuals and organisations.
It poses a significant threat, the company explains.
“Cyber criminals have always been one of the first groups to reap the benefits of disruptive technology, resulting in the seemingly never-ending cat-and-mouse game of defenders trying to keep up with the criminals. Tools like WormGPT present a widened opportunity to individuals with criminal intent but lacking technical ability,” says Anna Collard, SVP of content strategy & evangelist at KnowBe4 Africa.
Collard says the tool seems to have been originally presented by its developer in March, before being released in June, and has been actively sold since.
The threat is exacerbated because the tool offers the same user experience as ChatGPT and is accessible to a very broad base of users, who needn’t have specialised skill sets to manipulate the technology to their criminal ends.
KnowBe4 expects an increase in AI-generated attacks, business e-mail compromise, and phishing.
Says Collard, “Whether directly linked to this particular tool or not, we definitely expect an escalation in general due to the simplified way of creation of malware or phishing e-mails through the use of AI-empowered tools like it.”
She is hopeful that it won’t be long before AI is mobilised and used directly to combat AI-fused cyber crime.
“It’s a cat-and-mouse game though and often feels as if the criminals are one step ahead,” adds Collard.
While WormGPT doesn’t necessarily introduce any amazingly new attack vectors, tools like this make life easier for cyber criminals and allow them to work faster.
KnowBe4 Africa advises businesses and individuals to ensure that existing security controls, such as e-mail gateways, anti-phishing, anti-malware and patching, are configured correctly and kept up to date.
The company also underlines the importance of user vigilance and awareness training around AI and how it can be used for nefarious purposes.