Freely subscribe to our NEWSLETTER

“Cybercriminals launching phishing attacks is nothing new, but WormGPT is certainly going to make it easier for them to do so. A tool called metasploit has existed for many years and allows phishing emails to be sent out en masse – but a common problem has always been poor grammar and spelling mistakes, and typos are a key indicator of spam mail.

“WormGPT has the power of a large language model (LLM) behind it, enabling emails to be sent without mistakes. This takes phishing to a new level. The emails produced will be super realistic and adopt increasingly compelling topics, which helps cybercriminals lure users to click on links within emails or download malware. Recently, LLMs have also been used to auto-generate fake landing pages which can lead to people handing over their passwords or other personal information. WormGPT is still lacking a modern interface and many necessary features for business email compromise, but hacking tools generally get better so it may only be a matter of time. Any tool which makes hacking easier is a worry to all of us.

“Malicious LLMs and AI is a new frontier for cybersecurity and security measures need to keep pace. The first line of defence to stop these attacks, apart from firewalls and intrusion detection systems, is to simply educate employees about the dangers of clicking on links. However, it generally takes people to make a mistake before they learn. In an effort to train, some enterprise security teams send phishing emails containing fake malware to their employees – and when these are activated, the employees are simply lead them to a website informing them of their mistake and educating them on the dangers of what they did. Education will be crucial to combatting these attacks.”