Cyber Security Threats of ChatGPT: Guidelines to Stay Safe

The federal government recently issued an advisory to raise awareness about cyber security threats associated with ChatGPT, a powerful artificial intelligence (AI) writing tool launched last year. In the advisory released by the Cabinet Division, it was highlighted that while ChatGPT has gained immense popularity since its launch, it also poses significant risks in terms of leading cyber threats, including phishing and malware development.

To combat the potential dangers posed by this AI-enabled tool, the advisory emphasized the need for proactive measures, urging users to exercise extreme caution, due diligence, and due care. It also provided comprehensive guidelines to ensure users’ safety in the face of these emerging threats.

ChatGPT’s Malicious Capabilities: Understanding the Risks

The following list outlines some of the ways malicious actors can exploit ChatGPT:

1. Malware Generation: ChatGPT’s ability to generate malware has transitioned from theoretical to practical. It is already gaining traction and being discussed in various Dark Web forums.

2. Phishing Emails: ChatGPT has demonstrated its capability to generate highly convincing phishing and spear-phishing emails. This raises concerns as these malicious emails have a higher chance of evading email providers’ spam filters.

3. Scam Websites: With ChatGPT’s simplified code generation, even less-skilled threat actors can effortlessly create malicious websites, including masquerading pages and phishing landing pages. This tool enables the cloning of existing websites, facilitating the creation of fake e-commerce sites or platforms running scareware scams, among other deceptive practices.

4. Disinformation Campaigns: ChatGPT provides users with an unparalleled ability to generate convincing prose. It can generate thousands of fake news stories and social media posts in a fraction of the time a human does.

Guidelines and Preventive Measures: Safeguarding Against Cyber Threats

To ensure your protection against ChatGPT-related cyber threats, follow these preventative measures:

Preventing Phishing Emails:

1. Avoid opening emails, links, and attachments from unknown or suspicious sources.

2. Prior to opening any attachments, including those from trusted sources, scan them with the antivirus provided by your email service provider. If such services are unavailable, scan downloaded files using local antivirus software before opening them.

3. Please make sure that your software and operating system are updated on your devices, including PCs, laptops, mobile, and wearables.

4. Install the trusted antivirus and antimalware software from the internet and install it on your devices.

5. Refrain from using personal accounts on official devices.

6. Avoid using personal accounts on work-related devices.

7. Enable Multi-Factor Authentication (MFA) whenever possible to increase security.

8. Do not provide personal information or login credentials to unknown or dubious users, websites, or applications.

9. Type URLs directly into the browser rather than clicking on links.

10. Prioritize websites with HTTPS encryption and avoid visiting HTTP sites.

Anti-Masquerading Guidelines:

1. For Administrators:

• Implement system hardening at the OS, BIOS, and application levels to restrict incoming traffic and user permissions to the maximum extent possible.

• Employ system hardening measures to block unauthorized storage media, such as USBs.

• Regularly format removable media to minimize the lateral propagation of malware.

• Monitor network activity by utilizing file hashes, file locations, login records, and unsuccessful login attempts.

• Utilize reputable and trusted Anti-Malware, Antivirus, Firewalls, IPS, IDS, and SIEM solutions.

• Maintain separate servers/routing for offline LAN and online networks.

• Grant internet access on a need basis and apply restrictions on data usage and application rights.

• Verify software and documents through digital code-signing techniques before downloading them.

• Implement MFA in mailing systems and other critical systems controlled by administrators.

• Regularly back up critical data.

• Change passwords at the administrator level on a regular basis.

• Keep all operating systems, applications, and technical equipment up to date by promptly applying patches and updates.

• Encourage users to log in with accounts having standard user privileges to reduce the attack surface for malicious code execution.

2. For end-users:

• Before downloading email attachments, verify the sender’s authenticity through secondary means of communication, such as a call, SMS, or in-person conversation.

• Immediately report any suspicious activity to the administrator.

• Avoid storing critical data on online systems; instead, opt for standalone systems.

3. Guidelines for ChatGPT Users:

• Exercise caution when using ChatGPT and refrain from sharing sensitive or confidential information, such as passwords, financial details, or personal information.

• Be mindful of links and attachments provided by ChatGPT. Always verify the source before clicking on them and remain vigilant for suspicious or unknown sources.

• Official phones should not be used for accessing ChatGPT.

• If you encounter a security issue while using ChatGPT, report it immediately to Open AI.

Preventing Disinformation Campaigns: Government Initiatives

To combat disinformation campaigns, government departments should take the following preventative measures:

• Regularly organize awareness campaigns and training sessions.

• Verify information from multiple sources whenever possible.

By following these guidelines and adopting preventative measures, users can mitigate Chat GPT risks and ensure online safety. Stay informed, vigilant, and protect yourself against cyber threats.