Cybercriminals exploit ChatGPT hype: Exercise caution with suspicious emails, links

Experts urge organisations to guard against both the newer vulnerabilities and older ones as malicious email link is still the most popular mode of infection.

Cybercriminals exploit ChatGPT hype: Exercise caution with suspicious emails, links (Photo: Reuters)

The popularity of ChatGPT, and more generally the hype around artificial intelligence (AI), has given cybercriminals a new avenue to exploit, as evidenced by a massive 910 per cent increase in monthly registrations for domains, both benign and malicious, related to ChatGPT. Yet PDFs sent through email remain the most common way for cybercriminals to deliver malware, says a recent report by Palo Alto Networks.

“Email, combined with social engineering tactics, is a popular infection vector for threat actors. Phishing PDFs account for 66 per cent of malware delivered via email. Along with traditional detection methods such as signature-based detection and malicious URL labelling, organisations must adopt machine learning models to combat evolving phishing campaigns,” says Huzefa Motiwala, Director of Systems Engineering, India and SAARC, at Palo Alto Networks. He adds, “Users should be cautious with suspicious emails or links related to ChatGPT and access it only through the official OpenAI website. Advanced URL filtering and setting up alerts for prompt responses to threats can help organisations actively monitor and block malicious Newly Registered Domains (NRDs).” 

In addition, the Unit 42 Network Threat Trends Research Report Volume 2 also highlights that exploitation of vulnerabilities has increased by 55 per cent, compared to 2021. Cybercriminals are increasingly targeting cloud workload devices through Linux malware—an estimated 90 per cent of public cloud instances run on Linux. Within this, the common types of threats against Linux systems include botnets (47 per cent), coinminers (21 per cent) and backdoors (11 per cent). 

As industries deploying operational technologies (OT), such as manufacturing and energy, saw a 238 per cent increase in malware attacks, it is necessary to deploy simple, scalable solutions to provide granular visibility and meet critical uptime requirements of OT devices. 

Motiwala adds, “Organisations must adopt a Zero Trust framework to eliminate implicit trust and integrate an ‘always verify’ approach throughout the enterprise. By continuously validating all digital transactions, it will maximise security efficacy. Organisations must re-evaluate legacy virtual private server (VPS) solutions to reduce the attack surface of today’s cloud-first business operations.”

Sean Duca, VP, and Regional Chief Security Officer at Palo Alto Networks, said, “Cybercriminals, no doubt, are looking at how they can leverage it for their nefarious activities, but for now, simple social engineering will do just fine at tricking potential victims.” 

As threat actors are constantly evolving their techniques, employing evasion tools and camouflage methods to bypass detection, organisations must guard against malware designed to exploit older vulnerabilities while proactively staying ahead of sophisticated new attacks. 

Published on: Jun 12, 2023, 11:49 AM IST