Disclosures:
Professional Reviews

The reviews found on GuideHaven consist of evaluations conducted by community reviewers. These assessments take into account the reviewers’ unbiased and knowledgeable analysis of the products and services being reviewed.

Ownership

GuideHaven is a leading cybersecurity review website with a team of experts experienced in testing and evaluating VPNs, antiviruses, password managers, parental controls, and software tools. Our reviews are available in 29 languages, making them accessible to a broad audience since 2018. To further support our readers in their pursuit of online security, we’ve partnered with Kape Technologies PLC, which owns popular products like ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, all of which may be reviewed on our website.

Affiliate Commissions

GuideHaven contains reviews that follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will take into consideration the independent, honest, and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, at no additional cost to them. On listicle pages, we rank vendors based on a system that prioritizes the reviewer’s examination of each service, but also considers feedback received from our readers and our commercial agreements with providers.

Review Guidelines

The reviews published on GuideHaven are written by community reviewers that examine the products according to our strict reviewing standards. Such standards ensure that each review prioritizes the independent, professional, and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may also take into consideration the affiliate commissions we earn for purchases through links on our website.

News Heading

WormGPT: New AI Tool Helps Hackers Generate Credible Emails for BEC Attacks

Shipra Sanganeria
Published by Shipra Sanganeria on July 27, 2024

A new generative AI tool by the name of WormGPT recently emerged on a prominent forum associated with threat actors. The AI module specifically designed for malicious activities can become a powerful tool in the hands of cyber criminals wanting to launch phishing and business email compromise (BEC) campaigns.

The tool based on the open-source GPT-J language model comes laden with various features including ‘’unlimited character support, chat memory retention, and code formatting capabilities,’’ reported SlashNext. Moreover, it’s suspected to have been trained on a variety of data sources, especially malware-related data sets.

WormGPT, presented as a blackhat alternative to GPT models is being touted as the biggest enemy of ChatGPT, with the ability to help even novice cybercriminals launch sophisticated attacks. It can help attackers create fake persuasive, personalized emails with impeccable grammar, thus reducing chances of being flagged as suspicious. This was revealed in an experiment conducted by researchers at SlashNext.

‘’WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing and BEC attacks.’’

Along with the development of these generative AI modules, cybersecurity researchers have also noticed promotion of ‘’jailbreaks’’ for ChatGPT. These are specialized inputs created to manipulate such tools to generate output that could involve disclosing sensitive information, producing inappropriate content, and executing harmful code.

According to SlashNext, the adoption of AI and use of such practices by determined cybercriminals underlines the growing challenges that organizations today face in ensuring AI security.

To safeguard against such BEC attacks, it is essential that companies follow a multi-faceted approach. This includes developing extensive BEC-specific training programs that educate employees about AI augmented threats and tactics employed by threat actors. Enforcing stringent email verification processes and deploying measures that help detect potential malicious emails, especially the ones containing keywords linked to BEC attacks.

Did you like this article? Rate it!
 
 
 
 
 
I hated it I don’t really like it It was ok Pretty good! Loved it!
0 Voted by 0 users
Title
Comment
Thanks for your feedback