top of page
Writer's pictureJonah White

ChatGPT: What does this tool mean for Cybersecurity?

There you are, sitting at your cubicle, wondering how you can copy a set of values that you don’t want to type out in Excel over and over again. You want to look up a quick way but don’t know how to word the question to Google. “Wait, Tim down the hall said some new tool is out that can help with this type of problem, what was it called? Chat-something?”. You text your buddy Tim through the office messaging center, “Hey Tim? What was that tool called you mentioned to me at the breakroom? ChatTPG??”

“…ChatGPT…”

“Awesome! Thanks hey do you still have time this weekend to hit the golf course? I have a new driver I want to test out…”

“I’m sorry {Your-Name}, I’m afraid I can’t do that…”

“That’s cool man, hey how about next week?”

Tim doesn’t respond for a few minutes, but your co-worker Josh walks by, “Hey Josh! Tim said he couldn’t make it to the golf course this week, would you be down for next week as well?”

“Josh? Didn’t he just get let go? I thought they replaced him with the new AI-CyberSec software, I don’t think he’ll be available anytime soon to hit the course…”

You look perplexed, “—I—I just talked to him, he said he couldn’t make it this week.” Josh looks at you strangely, “Tim’s access was removed a few days ago, you’re probably talking to the new software…”

You look back at your monitor, you see that “Tim” is typing back…

“Is there anything else I can help you with…?”

Is the Future Everything with AI?

With the rise of ChatGPT recently, people around the world, approximately a hundred million people, have been using it for their daily lives, even beginning to turn to it first instead of the common choice of Google. What does this mean for the future of technology when in two months this software becomes the norm to use instead of Google? And most importantly, what does this mean for Cybersecurity for defense and offense?

Job Loss

Artificial Intelligence being used in Cyber Security is nothing new, but the very nature of ChatGPT-3 and 4 sparks questions of the future job market for roles relating to Analysts, consultants, and pentesters to name a few. Will AI replace these jobs? Not for a while with these complex jobs, but you might see call centers turn into server rooms. No longer will companies have to hire people to answer calls about their products, ChatGPT can possibly be trained to help in all matters related to several commonly used services such as credit cards or various types of insurance companies. Imagine wanting to speak to a human, but what you thought was a nice lady on the other end was instead ChatGPT with a voice application integrated with it. This would possibly be the first step of technology replacing human workers.

More Advanced Attacks

With every new technology, it is first seen as a blessing but comes back as a curse when you least expect it to be. ChatGPT is great do not get me wrong, I’ve used it for several things, and it has saved me some time. But some questions must be answered about its existence for good and evil in the cyber security realm.


Phishing is now harder than ever to detect

We’ve recently seen this being used with phishing campaigns. No longer are the days of looking for typos or strange capital letters in words of those Nigerian prince emails, he’s retired! He longer can compete with ChatGPT. APTs and hackers are using this new software to write even more clear and concise emails that resemble so closely to the targets higher up. Imagine taking interviews with a CEO you want to impersonate on an email. Grab the transcript from hours of footage of them talking, then ask an AI model to write an email about how the CEO would send it to a lower-tech employee. Anyone with no cyber security background or experience would click on the email, and boom, remote access or ransomware is in your network!

DDoS Attacks and Ransomware as a Service

Artificial intelligence can be trained to simulate human intelligence almost completely. Still, the problem with this is multiplying by a hundred thousand machines attacking a website such as Facebook or Google. Botnets could become harder to detect by training an AI to simulate actions taken by a particular APT group, such as Wicked Panda. Imagine trying to find the latest Chinese hackers in your network but all it was a trained AI to stay as quiet as possible within the network, keylogging and listening to everything going over the wire. Ransomware as a Service (RaaS) would become more complex, we would see new attack vectors combined with the phishing emails before being spread massively faster before current systems can react to it.

Conclusion

These are just a few critical aspects of the current Cyber Security realm to think of today. Companies still struggle with placing security first in software development. These tools propose a potential risk for safety, future software, and the risks of relying more on technology instead of humans.

45 views

コメント


bottom of page