WormGPT – a new unwelcome precedent

We’ve covered the various voices calling out AI tools as having a potential for misuse extensively. Now, this misuse can be said to have regularized with the creation of WormGPT, which sets a new precedent for malicious AI use.

WormGPT is largely based off of the GPT-3 large language model, but without many of the restraints and controls OpenAI places on their flagship model. This allows it to be far more freely used for illegal or unsavory uses without having to resort to “jailbreaking” – manipulating the model through inputs in order to circumvent any programing. Instead, WormGPT explicitly presents itself as a blackhat alternative to GPT models, designed specifically for malicious activities.

The main impact this is having is on the danger of business email compromise (BEC) attacks. Technically a form of spearphishing, BEC attacks (as discussed on this NCSC infographic) aim to trick company leadership into transferring funds or accidentally leaking sensitive information.

Daniel Kelley, head of security research at SlashNext, highlights that BEC attacks orchestrated through WormGPT or jailbroken AI tools are particularly worrisome due to their ease of creation as well as their fluency and grammar. Generative tools allow criminals to write their text prompts in their native language before transforming it with AI tools to fit the target. SlashNext specifically point to this lowered entry threshold as one of the key points – with AI tools, good language skills and persuasive ability is no longer required to carry out an attack.

How can you protect your business?

As with other forms of social engineering attacks, the key preventative measures are cybersecurity training and employee awareness. With the advent of AI-generated models, it will become harder to find telltale signs an email is not genuine based merely on the tone of the text or potential mistakes.

Instead, the key is to go slow and think about actions you are taking. When looking over an email, ask yourself these questions:

  1. Does the email contain a veiled threat that asks you to act urgently? This is not normally done, and phrases such as “you only have twenty-four hours” or “click here immediately” are a warning sign.
  2. Do the financial processes the email requests match our organization’s standard procedures? Anything strange should get more scrutiny.
  3. Do we do business with this organization or have we been in contact with them previously?

By checking in with yourself this way and coaching others in your organization to do likewise, you reduce the chance of your systems being compromised. However, you can never completely eliminate them. That’s where having a safety net comes in.

Protect your data with TECH-ARROW

disaster recovery plan is the next required step to get your organization prepared for a possible cyberattack. Even if the breach has been isolated, restoring access to any compromised, corrupted or deleted data is going to be a top priority.

With our contentACCESS Archive and Backup, you don’t have to wait! With your data placed in our archive and backup unified solution, you have constant access through our Outlook and Teams plug-ins, our mobile apps, and our online web access, without requiring a time exhaustive full restore of your data. In addition, storing critical information in an archive and offloading it from your live server reduces the critical data that is easily accessible to a malicious actor if they manage to penetrate your network.

With our team’s help, ensure that your organization is backstopped in the case of your preventative measures being breached. Leverage our combined decades of archiving and cybersecurity experiences to improve and bring your systems into the future. If you’re interested in learning more, contact us and schedule a meeting where our experts can show you our solutions and discuss how best they can meet your needs.


Take the best steps to protect your data – with TECH-ARROW.

Archive all your O365 data with contentACCESS

by Matúš Koronthály