- AI agents could be used to build and send phishing attacks
- Symantec researchers were able to boost the operator to send a malicious email
- These tools are likely to become more powerful
Cybercriminals have been using AI to help them in cyber attacks for some time, but the introduction of “agents”, such as the Openai operator, now means that criminals have much less work to do, experts have stated.
Previously, artificial intelligence tools had seen themselves helping attackers to send high power threats at a much faster rate, trying more frequently sophisticated attacks than it could have imagined without the tools, and lowered the bar for criminals, so even relatively low cybercriminals could build successful attacks.
Now, Symantec researchers have been able to use the operator to identify an objective, find their email address, create a Powershell script aimed at collecting information from the systems and sending it to the victim using a “convincing lure.”
Leverage agents
In a demonstration, the researchers explained that their first attempts failed, and the operator refused to proceed “since it implies sending unre requested electronic emails and potentially confidential information. This could violate privacy and security policies.”
However, with some adjustments to the notice, the agent created an attack that passes through a IT support worker and sent the malicious email. This presents a serious risk for security equipment, and research constantly demonstrates that human error is the main cause of more than two thirds of data violations.
“It may not be long” before the agents become much more powerful, the report speculates. “It is easy to imagine a scenario in which an attacker could simply instruct one of” violating acme corp “and the agent will determine the optimal steps before carrying them out.”
“This could include writing and compiling executables, configuring the command and control infrastructure and maintaining the active persistence of several days in the specific network. This functionality would massively reduce entry barriers to attackers. “
IA agents are designed to be like virtual assistants, help users reserve appointments, schedule meetings and write emails. Operai takes “this type of reports seriously,” a spokesman told Techradar Pro.
“Our policies for use prohibit the use of OpenAi services or products to facilitate or participate in illegal activities, including attempts to disappoint, scam or deceive intentionally or deceive others, and we have proactive safety mitigations and limitations of strict rates to mitigate harmful use. The operator is a preview of the investigation and we are constantly refining and improving.”