top of page

Mind the Gap: WormGPT's Emergence Sounds the Alarm for Enterprise Cybersecurity Upskilling !

Updated: Jul 28, 2023

According to recent reports, hackers have launched WormGPT, a GPT-J driven hacking tool, making it the first ChatGPT for hackers.

In recent times, as Language Model (LLM) technology has gained popularity and widespread use, it has raised significant concerns about its potential for generating vast amounts of written content rapidly and effortlessly. Regrettably, these concerns have materialized into reality as the Black Hat Hacker community has now harnessed the power of LLMs for nefarious purposes and malicious attacks.

Recent reports have surfaced, indicating that hackers have unleashed a potent hacking tool called WormGPT, powered by the advanced GPT-J technology. This tool exploits the already pervasive attack vector known as business email compromise, a notorious cyber threat that ranks among the world's most prominent.

As we delve deeper into the repercussions of WormGPT, it becomes increasingly evident that there is an urgent necessity for comprehensive AI cybersecurity training. With hackers gaining access to increasingly sophisticated AI-based technologies, companies now bear the responsibility of educating their workforce about the potential hazards associated with AI usage. Raising awareness within organizations is crucial to safeguarding against these evolving threats.

What is WormGPT Exactly ?

Business email compromise (BEC) stands out as one of the most widely utilized methods by hackers for disseminating malicious payloads. In this scheme, attackers impersonate a legitimate business entity to execute their scams. Although email providers typically flag such emails as spam or suspicious, the introduction of WormGPT has armed fraudsters with a new set of formidable tools. By crafting a novel model that draws from an extensive range of data sources, including open-source GPT-J and other malware-related data models, attackers can construct highly convincing fake emails to facilitate their impersonation acts.

Unlike ChatGPT, WormGPT boasts no limitations, enabling it to generate text for a wide array of black hat applications, which refer to illegal cyber activities. Furthermore, this model can be operated locally, leaving no trace on external servers as would be the case with an API. With safety rails removed from the equation, the model produces uncensored output, tailor-made for illicit activities.

The most concerning aspect of WormGPT lies in its ability to provide attackers, whose native language might not be English, with the means to create clean and proficient copy. These emails have an increased chance of bypassing spam filters since they can be customized according to the attackers' specific requirements.

What makes WormGPT even more alarming is that it significantly lowers the barrier of entry for hackers, offering the same ease of use as ChatGPT but without any of its protections. Moreover, emails crafted using this model exude a professional aura, potentially enhancing their effectiveness in executing cyberattacks.

Coping up with AI attacks

Indeed, WormGPT represents just one facet of the challenges posed by generative AI for companies. Language Model (LLMs) technologies can be harnessed for a variety of harmful purposes, such as automatically writing malware, orchestrating social engineering attacks, identifying vulnerabilities in software code, and even aiding in password cracking. The potential risks of generative AI extend to enterprises, particularly concerning data leakage.

The slow adoption of generative AI by companies can be attributed, in part, to the lack of robust security infrastructure surrounding this powerful technology. While cloud service providers have started offering AI solutions, there remains a critical need for secure and safeguarded LLM offerings. By prioritizing education on the potential dangers of generative AI, companies can shield themselves from data breaches and leaks. It is essential to raise awareness among employees about the risks of AI-powered hack attacks, empowering them to identify and respond to potential cyber threats effectively.

The alarming truth is that many companies are lagging behind in cybersecurity preparedness. Only 15% of organizations possess a mature level of readiness to tackle security risks. In the era of generative AI, companies must invest resources in keeping their workforce well-informed about the latest threats in AI-powered cybersecurity. By staying ahead of the curve and fostering a security-first approach, businesses can better protect themselves and their valuable data from the ever-evolving landscape of cyber threats.

23 views0 comments


bottom of page