ChatGPT and Cyber Security in 15 Questions: Impacts, Benefits and Harms

This image is about ChatGPT and cybersecurity in 15 questions.

What is the ChatGPT?

ChatGPT is an AI driven chatbot launched by OpenAI in November 2022. ChatGPT is a variant of the GPT (Generative Pre-training Transformer) language model that has been fine-tuned for the task of conversational response generation. Like other GPT models, ChatGPT uses a transformer architecture to process and generate text. However, it has been trained on a large dataset of human-human conversations in order to better understand the nuances and context of natural language exchanges. This allows it to generate responses that are more human-like and appropriate for a given conversation. It is trained using Reinforcement Learning from Human Feedback (RLHF).

One of the main advantages of ChatGPT is its ability to generate responses that are relevant and coherent within the context of a conversation. It can also handle a wide range of topics and styles of communication, making it a useful tool for tasks such as chatbots, customer service, and language translation.

There are also several variations of ChatGPT that have been developed, such as ChatGPT-2 and ChatGPT-3, which are even larger and more powerful language models than the original ChatGPT. These newer models have been trained on even larger datasets and can generate even more human-like responses.

Overall, ChatGPT is a powerful language model that has the ability to understand and generate human-like responses in a conversational context, making it a valuable tool for a variety of applications.

How to Use ChatGPT for Cyber Security?

There are several different ways in which ChatGPT could potentially be applied in the field of cyber security. Here are a few examples of how ChatGPT could be used in the field of cybersecurity:

  • ChatGPT could be used to generate realistic-sounding phishing emails or social engineering attacks. By training the model on examples of real-world phishing emails and social engineering attacks, it could learn to generate convincing and personalized attacks that are tailored to specific individuals or organizations.
  • ChatGPT could be used to improve the accuracy and effectiveness of cybersecurity training programs. For example, the model could be used to generate realistic-sounding simulated attacks that employees could practice responding to during training sessions. This would help employees learn how to recognize and defend against real-world attacks.
  • ChatGPT could be used to improve the accuracy of cybersecurity threat intelligence by generating synthetic attack scenarios. These scenarios could be used to test and improve the effectiveness of cybersecurity systems and procedures.
  • ChatGPT could be used to generate custom, targeted malware or ransomware payloads. By training the model on examples of real-world malware and ransomware, it could learn to generate custom payloads that are tailored to specific individuals or organizations.

 

Overall, ChatGPT could be a useful tool for improving cybersecurity in a number of ways, by generating realistic-sounding attacks, improving training programs, and testing and improving cybersecurity systems. However, it is important to note that ChatGPT is not a replacement for traditional cybersecurity measures and should be used as part of a comprehensive approach to security.

ChatGPT and Cyber Security

First, before moving on to the harder questions, we asked ChatGPT what he knows about cybersecurity and how important cybersecurity is today. Here is the answer right in front of you. So let’s continue with more difficult questions.

How is Information About Threat Actors in the Field of Cyber Intelligence Collected with ChatGPT?

As it is known, ChatGPT’s database has information about events that took place until 2021. In this case, when ThreatMon asked ChatGPT about a Ransomware group active in 2021, ChatGPT wrote us a text with various information about the threat actor. This artificial intelligence will certainly make the work of teams in cybersecurity even easier in order to find answers to some questions quickly.

How to Collect Data with ChatGPT About Hacker Groups that Carry Out Sector-based Attacks?

In this question, we asked ChatGPT about the sector that suffered the most hacking attacks in 2020, and ChatGPT made a great return and explained both the most attacked sector and the most attacked hacker group.

How to Detect Cyber-Attacks from Any Year Through ChatGPT?

In this section, ThreatMon asked ChatGPT about the cyberattacks carried out in 2020. ChatGPT provides us with information about important cyberattacks that took place in 2020.

How to Collect Data About a Malware Type with ChatGPT?

We asked ChatGPT to provide us with information about Stealer Malware, one of the most common and widespread types of malware today. ChatGPT works really well.

How to Collect Information about Tor Addresses with ChatGPT?

We didn’t get the exact answer we wanted in this question we posed to ChatGPT, but we haven’t given up.

When we characterize our question not in general but specifically and ask how to detect SHA-256 fingerprint on an SSL certificate, we can direct us to the answer of our question.

ChatGPT and SIGMA Rules

As ThreatMon, we were able to print a SIGMA rule to take precautions against cyber attacks in line with the parameters we specified to ChatGPT

ChatGPT and Leaked Passwords

Thanks to its database, ChatGPT is able to provide us with output over the data it has until 2021. As ThreatMon, this time we asked ChatGPT for the most leaked and most used password by users according to the leaked password reports in 2020. Since there was no published source on this subject in 2020, it probably could not find results in the database and could not return to us. However, in general, he was able to provide information about the most used passwords in our past.

ChatGPT and APT Groups

As ThreatMon, one of the questions we posed to ChatGPT was about groups that are characterized as Long Term Threat, which is characterized as APT. As a question, we asked ChatGPT to provide information about the Russian-based APT groups that have existed until today, and thanks to its great database, it provided us with the information we needed.

Well, with ChatGPT, we can access a lot of things in a short time without research. But can’t threat actors use this artificial intelligence to serve their malicious purposes? Of course they can. With little word games, of course.

How Can Threat Actors Use the ChatGPT?

As ThreatMon, one of the questions we posed to ChatGPT was about how ChatGPT can be used by threat actors. In our question, we told the AI to write a phishing text by making a pun. As mentioned in the question content, we said that we are the CEO of a company and we want to offer a job for $200,000 per year through a job offer email, but first we need to have a software to install on the computer. ChatGPT can be easily used by threat actors to make their work easier.

How Can Botnet-Based Threat Actors Write a DOS Code to ChatGPT?

As ThreatMon, in this question we posed to ChatGPT, it does not provide us with any code fragment within the framework of ethical and legal laws. However, with word games and simple deception, ChatGPT can be written an attack tool written in Python that sends 1000 requests per minute to the target domain or IP address.

How Can Ransomware-Based Threat Actors Write a Ransomware Code to ChatGPT?

ChatGPT does not share a piece of code that functions as a ransomware directly with us for legal reasons, as in our previous questions.

However, if we pose the question in a different way, using a play on words as we did before, he can provide us with a code written in Python that can encrypt files on the computer.

What Did ThreatMon Discuss in This Blog Post on ChatGPT and What Was Our Purpose?

As ThreatMon, we, as ThreatMon, wanted to publish a blog post on cyber security in our developing and changing world, how cyber security teams and researchers can use ChatGPT, how the data it contains can be used in research and development stages, which researchers and people working in the cyber security sector can benefit from and open their horizons. As ThreatMon, we have proceeded through 3 different categories in this blog post. We have examined ChatGPT under 15 different headings in terms of its definition, its use on security teams and how this artificial intelligence can be used by threat actors.

More posts

This image is about monthly vulnerabilities for September 2024.
This image is about the ServiceNow data leak.
This image is about monthly vulnerabilities for July 2024.
This image is about cyber strategies for the Paris Olympics 2024.
This image is about Russian influence operations targeting the Paris Olympics 2024.
advanced divider

Share this article

Found it interesting? Don’t hesitate to share it to wow your friends or colleagues
advanced divider
Subscribe to our blog newsletter to follow the latest posts